Hello,
As part of our internal security requirements all new servers are being scanned by a Nessus engine before being released to production. My two new Lync FE servers have been tagged with having a high-level vulnerability. See below. It calls out the Windows Identity Foundation service as having an 'unquoted service path' in the registry.
Before I comply with trying to 'fix' this 'vulnerability', I was wondering if anyone else runs similar internal security... and if so, have you successfully 'fixed' something like this? I'm a little reluctant to go mucking about in the registry to modify this 'service path' to include quotes.
Thanks in advance for any advice/replies. Vulnerability data below:

445/tcp
63155 - Microsoft Windows Unquoted Service Path Enumeration

Synopsis
The remote Windows host has at least one service installed that uses an unquoted service path.

Description
The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker could gain elevated privileges by inserting an executable file in the path of the affected service.

See Also
http://isc.sans.edu/diary.html?storyid=14464
http://cwe.mitre.org/data/definitions/428.html
http://www.commonexploits.com/?p=658

Solution
Ensure that any services that contain a space in the path enclose the path in quotes.

Risk Factor
High

CVSS Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Temporal Score
6.5 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitable with
Metasploit (true)

Plugin Information:
Publication date: 2012/12/05, Modification date: 2012/12/17

Ports
tcp/445

Nessus found the following service with an untrusted path:
c2wts : C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
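
A read-only way to confirm the finding and see the quoted value the Solution text asks for, as an added example that is not part of the original post or of the Nessus plugin. The function name Test-UnquotedServicePath is hypothetical, and the check assumes the service executable ends in .exe; nothing is written to the registry.

```powershell
# Added example: read-only audit of service ImagePath values.
# Test-UnquotedServicePath is a hypothetical helper name, not a built-in cmdlet.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)

    $raw = $ImagePath.Trim()
    if ($raw.StartsWith('"')) { return $null }   # already quoted

    # Assumption: the executable part ends at the first ".exe" that is followed
    # by whitespace or end of string; anything after it is treated as arguments.
    $m = [regex]::Match($raw, '(?i)^(?<exe>.+?\.exe)(?<args>\s.*)?$')
    if (-not $m.Success) { return $null }        # e.g. driver .sys paths

    $exe = $m.Groups['exe'].Value
    # ImagePath is REG_EXPAND_SZ: %ProgramFiles% only shows its space once expanded.
    if ([Environment]::ExpandEnvironmentVariables($exe) -notmatch '\s') { return $null }

    # Quote only the executable; arguments stay outside the quotes.
    '"{0}"{1}' -f $exe, $m.Groups['args'].Value
}

# The path from the Nessus finding above.
Test-UnquotedServicePath 'C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe'

# Every service on the local host, using the unexpanded registry value so the
# suggested string keeps any %VARIABLE% references intact.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $current = $_.GetValue('ImagePath', $null, $noExpand)
        if ($current -is [string] -and $current.Trim()) {
            $suggested = Test-UnquotedServicePath -ImagePath $current
            if ($suggested) {
                [pscustomobject]@{
                    Service   = $_.PSChildName
                    Current   = $current
                    Suggested = $suggested
                }
            }
        }
    } | Format-List
```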