Microsoft Windows Unquoted Service Path Enumeration

Created:

2016-11-16 13:07:12 UTC

Modified:

2017-08-08 13:42:37 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Microsoft Windows Unquoted Service Path Enumeration

Applicable to:

  • Plesk 12.5 for Windows

Symptoms

The following security vulnerability is shown while checking Plesk Windows server:

Microsoft Windows Unquoted Service Path Enumeration

for the following services:

MELCS : C:\\Program Files (x86)\\Parallels\\Plesk\\Mail Servers\\Mail Enable\\Bin64\\MELSC.EXE 
MEMTAS : C:\\Program Files (x86)\\Parallels\\Plesk\\Mail Servers\\Mail Enable\\Bin64\\MEMTA.EXE
DrWebCom : C:\\Program Files (x86)\\Parallels\\Plesk\\DrWeb\\drwebcom.exe
MEPOCS : C:\\Program Files (x86)\\Parallels\\Plesk\\Mail Servers\\Mail Enable\\Bin64\\MEPOC.EXE
MEPOPS : C:\\Program Files (x86)\\Parallels\\Plesk\\Mail Servers\\Mail Enable\\Bin64\\MEPOPS.EXE
MESMTPCS : C:\\Program Files (x86)\\Parallels\\Plesk\\Mail Servers\\Mail Enable\\Bin64\\MESMTPC.EXE

How to fix these vulnerabilities?

Answer

These services can be quoted manually in Windows registry or the following script can be used:

Microsoft Windows Unquoted Service Path Enumeration on Technet.com

Have more questions? Submit a request
Please sign in to leave a comment.