bgenev / impulse-xdr

Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.
https://impulse-xdr.com/

Unquoted service path in Windows sensors #5

Open l4rm4nd opened 6 months ago

l4rm4nd commented 6 months ago

Windows sensors will install a new service called impulse-agentd.

This service is executing the nssm.exe binary. However, the service does not quote the service path. This may lead to a Windows privilege escalation if an attacker were able to create a malicious file located at C:\Program.exe. This is usually not possible for a low-privileged user account.

Nonetheless, I recommend quoting the service path for security best practices.


bgenev commented 6 months ago

Thanks, will be fixed in the next release.
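
Added example, not part of the issue thread or the impulse-xdr code base: a Python audit that takes service ImagePath strings, lists the extra locations Windows tries first when the path is unquoted and contains spaces, and produces the quoted value. The install path shown for impulse-agentd, the other sample services and all function names are assumptions made for the illustration.

```python
import re

# Executable portion of an ImagePath: everything up to the first ".exe"
# that is followed by whitespace or end of string; the rest is arguments.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def interception_points(image_path: str) -> list[str]:
    """Paths Windows tries before the intended binary; [] if quoted or no spaces."""
    path = image_path.strip()
    if path.startswith('"'):
        return []
    m = _EXE.match(path)
    exe = m.group(1) if m else path
    # At every space, the text before it is tried as a program name with
    # ".exe" appended, e.g. "C:\Program Files\..." -> "C:\Program.exe".
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quote_image_path(image_path: str) -> str:
    """Return the ImagePath with its executable portion wrapped in quotes."""
    path = image_path.strip()
    m = _EXE.match(path)
    if path.startswith('"') or not m:
        return path
    return f'"{m.group(1)}"{path[m.end():]}'

def audit(services: dict[str, str]) -> dict[str, dict]:
    """Map each affected service name to what it exposes and the corrected value."""
    findings = {}
    for name, image_path in services.items():
        points = interception_points(image_path)
        if points:
            findings[name] = {"tried_first": points,
                              "fix": quote_image_path(image_path)}
    return findings

# Constructed sample data (service name -> ImagePath); the impulse-agentd
# install path is assumed, the issue text does not state it.
SAMPLE = {
    "impulse-agentd": r"C:\Program Files\Impulse\nssm.exe",
    "quoted-svc": r'"C:\Program Files\Vendor\svc.exe" --run',
    "no-space-svc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, f in audit(SAMPLE).items():
        print(f"{name}: tried first {f['tried_first']}; set ImagePath to {f['fix']}")
```

A finding matters in practice only where a non-administrative account can write to the directory of a listed path, so check those ACLs when triaging.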