Summary
When installing the Epic Games Launcher on Windows, the EpicGamesUpdater and EpicOnlineServices Windows Services executibles are unquoted.
Please select what you are reporting on:
Creative
What Type of Bug are you experiencing?
Other
Steps to Reproduce
Install the Epic Games Launcher on Windows 11.
Expected Result
EpicGamesUpdater = “C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe”
EpicOnlineServices = “C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe”
Observed Result
EpicGamesUpdater = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe
EpicOnlineServices = C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
Platform(s)
Windows
Additional Notes
Across all Windows machines with the Epic Games Launcher installed an attacker can exploit this misconfiguration in order to perform path interception to gain escalation of privileges and persistency on the machine.