Security News > 2020 > November > Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows
A researcher at cybersecurity services provider IOActive has identified a privilege escalation vulnerability in Windows that can be exploited by abusing games in the Microsoft Store.
Ferrante discovered the vulnerability after Microsoft announced that it started allowing mods for some games in the Microsoft Store.
Ferrante created symlinks between the ModifiableWindowsApps folder, which Microsoft created for storing games that can be moded, and a folder placed on a different drive that he could access.
The attack requires the attacker to change Windows storage settings so that new apps are saved to the drive they have access to, and they also need to install a game from the Microsoft Store.
The attack scenario described by Ferrante involves steps that would be visible on the screen, such as installing a game from the Microsoft Store and changing storage settings, which would increase the chances of the victim discovering the attack.
News URL
Related news
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)