Microsoft Windows Unquoted Service Path Enumeration vulnerability

Sachin Babu B S 0 Reputation points
2023-05-11T06:16:39.43+00:00

Dear Team,

How to overcome "Microsoft Windows Unquoted Service Path Enumeration vulnerability".

VA in this path: C:\Windows\Microsoft.NET\Framework64\v3.0\ Windows Communication Foundation\SMSvcHost.exe.

Please suggest.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,538 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Michael Maxey 27 Reputation points Microsoft Employee
    2023-05-12T19:31:35.29+00:00

    https://github.com/NetSecJedi/FixUnquotedPaths

    This works and is scalable with SCCM, InTune, GPO.

    Look at the script yourself and decide.

    0 comments No comments

  2. Limitless Technology 44,046 Reputation points
    2023-05-18T12:40:35.7033333+00:00

    Hello there,

    Apparently there still seems to be a lot of applications with this vulnerability out there but not necessarily mean that falls under Microsoft.

    Similar discussion here

    https://techcommunity.microsoft.com/t5/windows-security/windows-unquoted-service-path-enumeration-is-this-still-a-case/m-p/3298358

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments