We encountered the following vulnerability while scanning machines at work. I have address the issue in others forums to suggest for a course of action by time being vendor provide an update to their package software. We have identify three sofwtare packages such as NVIDIA (driver software) when it gets install in the machine, the bin path is written in the registry unquote and having embedded space in the directory path, the tools flag as a vulnerability. What will be the short term fix while vendor provide an update of their software.
I had a mind,
create a script and update the services components and modify the environment variable which points to the bin path.
This an article that addresses the problem,
https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464
michael john ocasio