Unquoted service path in Windows sensors
Opened this issue · 1 comments
l4rm4nd commented
Windows sensors will install a new service called impulse-agentd
.
This service is executing the nssm.exe
binary. However, the service does not quote the service path. This may lead to a Windows privilege escalation if an attacker would be able to create a malicious file located at C:\Program.exe
. This is usually not possible by a low privileged user account.
Nonetheless, I recommend quoting the service path for security best practices.
bgenev commented
Thanks, will be fixed in the next release.