CVE-2024-28916
Published 2024-03-21
CVE-2024-28916: Xbox Gaming Services Elevation of Privilege Vulnerability
Priority: P2 · 79 · high · 8.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.65% (46.6th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | xbox_gaming_services | < 19.87.13001.0 | 19.87.13001.0 |
| microsoft | xbox_gaming_services | >= 19.0.0.0 < 19.87.13001.0 | 19.87.13001.0 |
| msrc | xbox_gaming_services | — | — |
Detection & IOCs (extracted from sources)
- Attacker must have local access and be able to create folders and performance traces with standard user privileges — monitor for unusual folder creation or performance trace activity by low-privileged users in the context of Xbox Gaming Services.
- Successful exploitation results in SYSTEM-level privilege escalation — alert on Xbox Gaming Services (Microsoft.GamingServices) processes spawning child processes or performing actions at SYSTEM integrity level from a low-privileged parent.
- Scope change is involved — the vulnerable component and impacted component are different security authorities. Monitor for cross-boundary privilege escalation originating from the Xbox Gaming Services app package.
- Exploitation is publicly disclosed but not yet observed in the wild as of advisory publication — treat as higher priority given the 'Exploitation More Likely' rating.
- Automatic Microsoft Store updates may be disabled by users or organizations (Store for Business/Education), leaving systems unpatched — verify the package version is 19.87.13001.0 or later across the fleet.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| vulncheck | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |
GHSA
GHSA-r65q-qpw9-v3qf: Xbox Gaming Services Elevation of Privilege Vulnerability
ghsa_unreviewed · 2024-03-21 · CVE-2024-28916 · HIGH · CWE-59
VulnCheck
Microsoft xbox_gaming_services Improper Link Resolution Before File Access ('Link Following')
vulncheck · 2024 · CVSS 8.8 · CVE-2024-28916 · HIGH
Xbox Gaming Services Elevation of Privilege Vulnerability
Affected: Microsoft xbox_gaming_services
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/
Microsoft
Xbox Gaming Services Elevation of Privilege Vulnerability
vendor_msrc · 2024-03-12 · CVSS 8.8 · CVE-2024-28916 · HIGH · CWE-59
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
FAQ: According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerabil
No detection rules found.
No public exploits indexed.
Securelist
Vulnerability landscape analysis for Q4 2024
blogs_securelist · 2025-02-26
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.
## Statistics on registered vulnerabilities
This section contains statistics on registered vulnerabilities. Data is sourced from the CVE portal: cve.org.
Total number of registered vulnerabilities a
Securelist
Exploits and vulnerabilities in Q4 2024
blogs_securelist · 2025-02-26 · CVSS 6.5 · CVE-2024-43572 · MEDIUM
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
  - Windows and Linux vulnerability exploitation
  - Most common published exploits
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
  - CVE-2024-43572 — Remote code execution vulnerability in Microsoft Management Console
  - CVE-2024-43451 — NetNTLM hash disclosure vulnerability
  - CVE-2024-49039 — Elevation of privilege vulnerability in Windows Task Scheduler
- Conclusion and advice
Authors
- Alexander Kolesnikov