Forum Discussion
Windows Unquoted Service Path Enumeration - Is this still a case in modern Windows (10, 11) ?
- The above response is the latest on this as I could not fetch anything specific to Microsoft on this. this script does a fantastic job on fixing the paths if there's any so if you happen to have this issue, It'd be really handy (hats off to those who contributed to this project!) - https://github.com/VectorBCO/windows-path-enumerate/
Apparently there still seems to be a lot of applications with this vulnerability out there but not necessarily mean that falls under Microsoft?. I'd imagine it simply means that you should update the application as soon as the 3rd party release a fix.
Ref - https://www.cvedetails.com/vulnerability-list/cweid-428/vulnerabilities.html
- The above response is the latest on this as I could not fetch anything specific to Microsoft on this. this script does a fantastic job on fixing the paths if there's any so if you happen to have this issue, It'd be really handy (hats off to those who contributed to this project!) - https://github.com/VectorBCO/windows-path-enumerate/
How do you know if it succeeds. My vulnerability solution indicates the existence of the threat but does not specify the reg keys that are unquoted for the server KDSERVICE (Kyocera Printer Driver)
I managed to replicate this. Just copy 'calc.exe' to your c:\ and rename it as 'documents.exe' and another copy as 'program.exe'.
Now every time you restart your computer, a calculator will open up.
This happens because start up processes look for "C:\Program Files\*" but end up running "C:\program.exe" with rest of the code items as arguments.
In reality, if someone malicious gets access to such an extent that they are able to place an executable on your c: drive, I call that checkmate anyways.
