Apparently there still seems to be a lot of applications with this vulnerability out there but not necessarily mean that falls under Microsoft?. I'd imagine it simply means that you should update the application as soon as the 3rd party release a fix.


i.e. CVE - CVE-2022-27050 ( BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability.


Ref -