Or, Unquoted service
path vulnerability
Or, Mitigate unquoted
service path vulnerabilities
Descriptions: Unquoted
service path vulnerabilities are rated as highly critical vulnerability in
windows. Don’t worry it is really very easy to fix.
If you have the vulnerability scan report with you, the
report contains following information about this reported vulnerability:
Vulnerability Name:
Microsoft Windows Unquoted Service Path Enumeration
Vulnerability Synopsis:
The remote Windows host has at least one service installed that uses an
unquoted service path.
Vulnerability Description:
The remote Windows host has at least one service installed that uses an
unquoted service path, which contains at least one whitespace. A local attacker
can gain elevated privileges by inserting an executable file in the path of the
affected service. Note that this is a
generic test that will flag any application affected by the described
vulnerability.
Vulnerability Solution:
Ensure that any services that contain a space in the path enclose the path in
quotes.
IMP Note: There are two stages to fix this vulnerabilities, 1. finding the unquoted path on the
affected server and 2. Fixing the
unquoted paths.
Steps-1: How to find the unquoted service paths
Login to affected server with administrative privileges >
run CMD as Administrator > run the following command:
wmic
service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """
Once the command is executed successfully, you will be able
to see one or more unquoted service paths. Result may look like the below
reference screenshot:
Copy all the result to a text or excel file and move to the
step-2.
Steps-2: Fixing
unquoted service path vulnerabilities
Search for the unquoted
registry entry of the affected service under HKLM\System\CurrentControlSet\Services registry path > Double
Click the Image Path key > fix comma
like “servicepath” at the beginning and end of the path
Examples:
Unquoted service path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Quoted service path: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
The correct quoted service path image reference:
Cheers, Please write me back if you have any query or
feedback..