Unquoted executable in embedded space folder

We have come across this vulnerability detected by our scanner tool for this software. The software gets installed in the following area

C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe

This Windows service is unquoted and therefore it flags as vulnerable for hackers.

I'm attaching the following articles for reference

https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464

http://blakhal0.blogspot.com/2012/08/hiding-files-by-exploiting-spaces-in.html

Besides creating a script to update the binPath for this service, is there a patch solution, or is this simply not a problem since the OS will take care of it? The issue of long file names was fixed back then by Microsoft Windows 2000 SP2.

February 20th, 2013 3:22pm

Hello,

I think you will need to update your scanner.

Thanks,

February 22nd, 2013 8:36am

We automated it with a script that will remotely connect to the machines with the vulnerability and filter out those Windows components with the embedded space in their path. I think this will be an issue that should be handled by the vendor to revise their deployment setup package, and that will take care of new machines when the application is installed, instead of creating a second step to correct the problem.
March 29th, 2013 5:50pm
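
An audit-only sketch of the check discussed in this thread, added here as an example and not the script the posters refer to: it flags service paths that contain a space in the executable path and are not quoted, and shows the quoted value a binPath update would use. The function name `Get-QuotedServicePath` and the second and third sample strings are assumptions constructed for illustration.

```powershell
# Added example (not from the thread). Read-only: nothing is changed.
function Get-QuotedServicePath {
    # Returns the suggested quoted path, or $null when no change is needed.
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $null }            # already quoted
    # Executable = shortest prefix ending in ".exe" that is followed by
    # whitespace or end of string; whatever follows is arguments.
    if ($p -notmatch '^(?<exe>.+?\.exe)(?<args>\s.*)?$') { return $null }
    # Copy both groups now: the next -notmatch can overwrite $Matches.
    $exe  = $Matches['exe']
    $rest = $Matches['args']
    if ($exe -notmatch '\s') { return $null }           # no embedded space
    return ('"{0}"{1}' -f $exe, $rest)
}

# Constructed sample values; the first is the path quoted in the question.
$samples = @(
    'C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe',
    '"C:\Program Files\Example Vendor\agent.exe" -service',
    'C:\Windows\system32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    $fix = Get-QuotedServicePath -PathName $s
    if ($fix) { "FLAG  $s`n  ->  $fix" } else { "ok    $s" }
}

# Same check against the services registered on the local machine.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $fix = Get-QuotedServicePath -PathName $_.PathName
        if ($fix) {
            [pscustomobject]@{
                Service   = $_.Name
                Current   = $_.PathName
                Suggested = $fix
            }
        }
    } | Format-List
```

Only the first sample is flagged; the already quoted path and the path without a space in the executable portion pass.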

If anyone has this problem, we wrote a script to fix it

Script you can find here


May 8th, 2015 8:00am
