"Microsoft Patches Xbox Vulnerability Following Public Disclosure"

Microsoft has recently released a patch for an Xbox vulnerability after initially telling the reporting researcher that it was not a security issue. The vulnerability is tracked as CVE-2024-2891 and impacts Xbox Gaming Services. Microsoft rates it as "important" severity and says it can easily be exploited by a local attacker with low privileges to escalate permissions to SYSTEM. Microsoft noted that an attacker must have local access to the targeted machine and must be able to create folders and performance traces on it, which requires only the restricted privileges that normal users have by default. Microsoft has informed customers that app package versions 19.87.13001.0 and later patch the vulnerability. The fix should be delivered automatically to users who have automatic updates enabled. Microsoft's advisory credits Filip Dragovic for reporting CVE-2024-2891 and informs customers that the vulnerability has been publicly disclosed. Dragovic disclosed the details of the vulnerability on March 12.

 

SecurityWeek reports: "Microsoft Patches Xbox Vulnerability Following Public Disclosure"

Submitted by Adam Ekwall on