Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path

Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.

Packet Storm
#vulnerability#windows#microsoft#auth#sap
# Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 -'GamingServicesNet' Unquoted Service Path# Exploit Author: tmrswrr# Exploit Date: 2023-05.17# Vendor : https://www.microsoft.com/store/productId/9MWPM2CQNLHN# Version : 12.77.3001.0# Tested on OS: Windows 10 Enterprise# Step to discover Unquoted Service Path:==============>> wmic service get name,displayname,pathname,startmode |findstr /i "auto"|findstr /i /v "c:\windows\\" |findstr /i /v """Gaming Services GamingServicesNetC:\ProgramFiles\WindowsApps\Microsoft.GamingServices_12.77.3001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe                                                              AutoC:\>sc qc GamingServicesNet[SC] QueryServiceConfig SUCCESSSERVICE_NAME: GamingServicesNet        TYPE               : 210  WIN32_PACKAGED_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 0   IGNORE        BINARY_PATH_NAME   : C:\ProgramFiles\WindowsApps\Microsoft.GamingServices_12.77.3001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : Gaming Services        DEPENDENCIES       : staterepository        SERVICE_START_NAME : NT AUTHORITY\LocalServiceC:\>systeminfoHost Name:                 DESKTOP-JAN8AJHOS Name:                   Microsoft Windows 10 Enterprise EvaluationOS Version:                10.0.19045 N/A Build 19045

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6