Xbox Gaming Services Elevation of Privilege Vulnerability
CVE-2024-28916

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Xbox Gaming Services
Vendor: CVE Published:; 21 March 2024

🔔 Create Microsoft Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-28916?

An elevation of privilege vulnerability exists in Xbox Gaming Services that could allow an attacker to gain increased access rights. This security flaw may impact user sessions, enabling malicious actors to perform unauthorized actions. Users are at risk of having their gaming environments compromised. It is essential for stakeholders to monitor updates and implement recommended security measures to mitigate this issue. For more detailed information about this vulnerability, refer to Microsoft’s vendor advisory.

Affected Version(s)

Xbox Gaming Services Unknown 19.0.0.0 < 19.87.13001.0

News Articles

Xbox Gaming Services Flaw Let Attackers Gain SYSTEM Privileges

A new elevation of privilege vulnerability has been discovered in the Xbox Gaming services that allows a threat actor to elevate their

thmubnail image

Microsoft Patches Xbox Vulnerability Following Public Disclosure

Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue.

thmubnail image

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Sep 2, 2024
Vulnerability published
Mar 21, 2024
📰
First article discovered by SecurityWeek
Mar 20, 2024

.