Security News > 2020 > November > Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows

A researcher at cybersecurity services provider IOActive has identified a privilege escalation vulnerability in Windows that can be exploited by abusing games in the Microsoft Store.
The researcher, Ferrante, discovered the vulnerability after Microsoft announced that it had started allowing mods for some games in the Microsoft Store.
Ferrante created symlinks between the ModifiableWindowsApps folder, which Microsoft created for storing games that can be modded, and a folder placed on a different drive that he could access.
The attack requires the attacker to change Windows storage settings so that new apps are saved to the drive they have access to, and they also need to install a game from the Microsoft Store.
The attack scenario described by Ferrante involves steps that would be visible on the screen, such as installing a game from the Microsoft Store and changing storage settings, which would increase the chances of the victim discovering the attack.
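
A defender-side check for the condition described above, as an added example that is not from the article or the researcher: it lists symlinks and junctions found in ModifiableWindowsApps folders on every local drive. The `Program Files\ModifiableWindowsApps` location and the function name `Find-ModFolderLinks` are assumptions, not taken from the page.

```powershell
# Added example: defensive audit, not code from the article or IOActive.
# Assumption: the mod folder is "<drive>:\Program Files\ModifiableWindowsApps".
function Find-ModFolderLinks {
    param(
        [string[]]$Roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object {
            Join-Path $_.Root 'Program Files\ModifiableWindowsApps' })
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Walk the tree by hand so that links are reported but never followed.
        $stack = New-Object System.Collections.Stack
        $stack.Push((Get-Item -LiteralPath $root -Force))
        while ($stack.Count -gt 0) {
            $item = $stack.Pop()
            if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                # LinkType is empty for reparse points that are not
                # symlinks or junctions (for example cloud placeholders).
                [pscustomobject]@{
                    Path     = $item.FullName
                    LinkType = $item.LinkType
                    Target   = ($item.Target -join ';')
                    Modified = $item.LastWriteTime
                }
                continue
            }
            if ($item.PSIsContainer) {
                Get-ChildItem -LiteralPath $item.FullName -Force -ErrorAction SilentlyContinue |
                    ForEach-Object { $stack.Push($_) }
            }
        }
    }
}

# Any row whose Target points outside the mod folder deserves a closer look.
Find-ModFolderLinks | Format-Table -AutoSize
```

Run it from an elevated prompt so that access-denied folders are not silently skipped.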