Frequent Contributor

Hi Folks, 

 

This could be irrelevant as the issue goes back to few years and Microsoft may have already fixed it but, just wanted verify/confirm. 

Windows Unquoted Path Enumeration vulnerability was identified back in 2013 (or may be even earlier). In simple terms, when a service is created whose executable path contains spaces and isn’t enclosed within quotes, leads to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges (only if the vulnerable service is running with SYSTEM privilege level which most of the time it is). In Windows, if the service is not enclosed within quotes and is having spaces, it would handle the space as a break and pass the rest of the service path as an argument.

 

Refhttps://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8...

So my question is, is this still a vulnerability in the modern versions of Windows 10,11?  

 

Appreciate any inputs/recommendations!