Wednesday, October 9, 2013

Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue

Issue:

Recently, I received a security scan report from my company's security team. In that report they stated that one of my Windows servers has the Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue.


Issue as below:

Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue
QID: 105484 CVSS Base: 6.8 [1]
Category: Security Policy CVSS Temporal: 6.4
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/04/2013
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
There exists a security issue with Windows when handling the paths of services running on the system. When the service path is a long name and
contains a space and not quoted, the file name becomes ambiguous.
For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to
interpret the possibilities in the following order:
c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe name
If an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM.
IMPACT:
Successfully exploiting this security issue might allow a remote attacker to gain escalated privileges
SOLUTION:
There are no-vendor supplied patches available at this time.

Workaround:
Properly enclose all the service paths with quotes if they have spaces in them.
RESULTS:
Service Name Image Path
C:\Program Files (x86)\Skype\Updater\Updater.exe


Solution:

I ran the command below at a command prompt, and it listed the vulnerable service paths:


wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Then I found that one of my server's services was not quoted in its registry path. I quoted it and the issue was solved.

Example path:

Before:

BINARY_PATH_NAME : C:\Program Files (x86)\Skype\Updater\Updater.exe

After (make the change in the registry):

BINARY_PATH_NAME : "C:\Program Files (x86)\Skype\Updater\Updater.exe"
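To audit more than one service at a time, the sketch below applies the same check to a set of ImagePath values and produces the quoted form for each finding. It is an added example, not part of the original post or the scanner's output; the service names and paths in SAMPLE_SERVICES are constructed, and the rule that the executable ends at the first ".exe" followed by whitespace is an assumption.

```python
import re

# Constructed sample ImagePath values (not from a real host), in the form stored
# under HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE_SERVICES = {
    "SkypeUpdate": r"C:\Program Files (x86)\Skype\Updater\Updater.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" -k run',
    "NoSpaceSvc": r"C:\Tools\agent.exe --service",
    "WinSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

# Assumption: an unquoted executable ends at the first ".exe" that is followed
# by whitespace or the end of the string; anything after it is arguments.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service ImagePath."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:  # unbalanced quote: treat the rest as the executable
            return value[1:], "", True
        return value[1:end], value[end + 1:].strip(), True
    match = EXE_END.search(value)
    if match is None:
        return value, "", False
    return value[:match.end()], value[match.end():].strip(), False


def ambiguous_candidates(image_path):
    """Executables Windows would try before the intended one (empty if safe)."""
    exe, _args, quoted = split_image_path(image_path)
    if quoted:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Map each affected service to its ambiguous candidates and quoted fix."""
    findings = {}
    for name, image_path in services.items():
        candidates = ambiguous_candidates(image_path)
        if candidates:
            exe, args, _ = split_image_path(image_path)
            fixed = f'"{exe}"' + (f" {args}" if args else "")
            findings[name] = {"candidates": candidates, "fixed": fixed}
    return findings


if __name__ == "__main__":
    for svc, finding in audit(SAMPLE_SERVICES).items():
        print(svc, "->", finding["fixed"], "| review:", finding["candidates"])
```

Each candidate in a finding names a location whose parent directory permissions are worth reviewing in addition to quoting the path.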












