CVE-2021-33879 – This vulnerability allows attackers to perform ... (How to Fix)

Q: What is the severity of CVE-2021-33879?

CVE-2021-33879 has a CVSS score of 8.1 (HIGH). This vulnerability allows attackers to perform man-in-the-middle attacks against Tencent GameLoop's update mechanism. By intercepting insecure HTTP connections, attackers can replace legitimate update packages with malicious executables that execute on victims' Windows machines. All GameLoop users before version 4.1.21.90 are affected.

📋 TL;DR

This vulnerability allows attackers to perform man-in-the-middle attacks against Tencent GameLoop's update mechanism. By intercepting insecure HTTP connections, attackers can replace legitimate update packages with malicious executables that execute on victims' Windows machines. All GameLoop users before version 4.1.21.90 are affected.

💻 Affected Systems

Products:

Tencent GameLoop

Versions: All versions before 4.1.21.90

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configuration when checking for updates.

📦 What is this software?

Gameloop by Tencent

View all CVEs affecting Gameloop →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary code execution, potentially leading to ransomware deployment, data theft, or persistent backdoor installation.

🟠

Likely Case

Malware installation leading to credential theft, cryptocurrency mining, or botnet enrollment.

🟢

If Mitigated

No impact if updates are secured with HTTPS and proper integrity verification.

🌐 Internet-Facing: HIGH - Attackers can exploit this from any network position between the client and update server.

🏢 Internal Only: MEDIUM - Requires attacker to be on the same network or compromise internal infrastructure.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires MITM position but uses simple XML manipulation and MD5 spoofing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.21.90 and later

Vendor Advisory: https://www.gameloop.com

Restart Required: Yes

Instructions:

1. Open GameLoop. 2. Check for updates in settings. 3. Install version 4.1.21.90 or newer. 4. Restart GameLoop.

🔧 Temporary Workarounds

Block insecure update endpoints

windows

Prevent GameLoop from connecting to HTTP update servers via firewall rules.

netsh advfirewall firewall add rule name="Block GameLoop HTTP" dir=out action=block program="C:\Program Files\GameLoop\EmulatorShell.exe" remoteport=80 protocol=TCP

🧯 If You Can't Patch

Disable automatic updates in GameLoop settings
Use network monitoring to detect and block suspicious update traffic

🔍 How to Verify

Check if Vulnerable:

Check GameLoop version in settings. If version is below 4.1.21.90, system is vulnerable.

Check Version:

Check 'About' section in GameLoop settings or examine installed programs in Windows Control Panel.

Verify Fix Applied:

Confirm version is 4.1.21.90 or higher and verify update traffic uses HTTPS.

📡 Detection & Monitoring

Log Indicators:

GameLoop downloading executables from non-Tencent domains
Unexpected process execution following GameLoop updates

Network Indicators:

HTTP traffic to update servers instead of HTTPS
Large executable downloads from unusual IPs during update checks

SIEM Query:

source="GameLoop" AND (url="http://*" OR dest_port=80) AND file_type="exe"

📊 Metadata

CVE ID: CVE-2021-33879

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-494

Published: June 6, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/mmiszczyk/cve-2021-33879 Exploit,Third Party Advisory
https://www.gameloop.com Vendor Advisory
https://github.com/mmiszczyk/cve-2021-33879 Exploit,Third Party Advisory
https://www.gameloop.com Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-33879, you might also want to check these: