Forum Discussion
Apr 28, 2022
Windows Unquoted Service Path Enumeration - Is this still a case in modern Windows (10, 11) ?
Hi Folks, This could be irrelevant as the issue goes back to few years and Microsoft may have already fixed it but, just wanted verify/confirm. Windows Unquoted Path Enumeration vulnerabilit...
- May 04, 2022The above response is the latest on this as I could not fetch anything specific to Microsoft on this. this script does a fantastic job on fixing the paths if there's any so if you happen to have this issue, It'd be really handy (hats off to those who contributed to this project!) - https://github.com/VectorBCO/windows-path-enumerate/
Apr 28, 2022
Apparently there still seems to be a lot of applications with this vulnerability out there but not necessarily mean that falls under Microsoft?. I'd imagine it simply means that you should update the application as soon as the 3rd party release a fix.
i.e. CVE - CVE-2022-27050 (mitre.org) BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability.
Ref - https://www.cvedetails.com/vulnerability-list/cweid-428/vulnerabilities.html