cbcvebase.
CVE-2024-28916
published 2024-03-21

CVE-2024-28916: Xbox Gaming Services Elevation of Privilege Vulnerability

Priority: P2 (79) · CVSS 3.1 base score 8.8 (high)
CVSS 3.1 vector: AV:L AC:L PR:L UI:N S:C C:H I:H A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.65% (46.6th percentile)

Affected

3 ranges
Vendor      Product               Version range                   Fixed in
microsoft   xbox_gaming_services  < 19.87.13001.0                 19.87.13001.0
microsoft   xbox_gaming_services  >= 19.0.0.0, < 19.87.13001.0    19.87.13001.0
msrc        xbox_gaming_services

Detection & IOCs (extracted from sources)

command: get-appxpackage Microsoft.GamingServices
version: Microsoft.GamingServices < 19.87.13001.0
  • Attacker must have local access and be able to create folders and performance traces with standard user privileges — monitor for unusual folder creation or performance trace activity by low-privileged users in the context of Xbox Gaming Services.
  • Successful exploitation results in SYSTEM-level privilege escalation — alert on Xbox Gaming Services (Microsoft.GamingServices) processes spawning child processes or performing actions at SYSTEM integrity level from a low-privileged parent.
  • Scope change is involved — the vulnerable component and impacted component are different security authorities. Monitor for cross-boundary privilege escalation originating from the Xbox Gaming Services app package.
  • Exploitation is publicly disclosed but not yet observed in the wild as of advisory publication — treat as higher priority given 'Exploitation More Likely' rating.
  • Automatic Microsoft Store updates may be disabled by users or organizations (Store for Business/Education), leaving systems unpatched — verify package version is 19.87.13001.0 or later across the fleet.
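The version check described in the last bullet, as an added PowerShell example (not from the advisory or from Microsoft): it wraps the Get-AppxPackage command listed above, compares the installed package version against the fixed version 19.87.13001.0 with a proper [version] comparison rather than a string compare, and reports a row per installed copy. The function name Test-GamingServicesPatched is chosen here; -AllUsers is assumed to require an elevated session.

```powershell
# Added example (not from the advisory): check whether the installed
# Microsoft.GamingServices package is below the fixed version for CVE-2024-28916.
$FixedVersion = [version]'19.87.13001.0'

function Test-GamingServicesPatched {
    [CmdletBinding()]
    param([string]$ComputerName = $env:COMPUTERNAME)

    # -AllUsers covers every profile on the host but needs an elevated session;
    # fall back to the current user's packages if that fails.
    try {
        $packages = Get-AppxPackage -AllUsers -Name 'Microsoft.GamingServices' -ErrorAction Stop
    } catch {
        $packages = Get-AppxPackage -Name 'Microsoft.GamingServices'
    }

    if (-not $packages) {
        # No package staged for any user: nothing to patch on this host.
        return [pscustomobject]@{
            ComputerName = $ComputerName; Installed = $false
            Version = $null; Vulnerable = $false; Status = 'NotInstalled'
        }
    }

    # More than one version can be staged (e.g. mid-update); report each one.
    foreach ($pkg in $packages) {
        # Compare numerically: a string compare would rank '19.9' above '19.87'.
        $ver = [version]$pkg.Version
        $vulnerable = $ver -lt $FixedVersion
        [pscustomobject]@{
            ComputerName = $ComputerName
            Installed    = $true
            Version      = $ver.ToString()
            Vulnerable   = $vulnerable
            Status       = if ($vulnerable) { 'VULNERABLE: update via Microsoft Store' } else { 'Patched' }
        }
    }
}

# Local run; pipe to Export-Csv or run through Invoke-Command for the fleet.
Test-GamingServicesPatched | Format-Table -AutoSize
```

On hosts where Store updates are disabled, a Vulnerable = True row is the signal to push the package update through the endpoint management channel instead.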

CVSS provenance

Source        CVSS version  Score  Severity  Vector
nvd           3.1           8.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vulncheck                   8.8    HIGH
vendor_msrc                 8.8    HIGH