bgenev/impulse-xdr

Unquoted service path in Windows sensors

Opened this issue · 1 comments

Windows sensors will install a new service called impulse-agentd.

This service is executing the nssm.exe binary. However, the service does not quote the service path. This may lead to a Windows privilege escalation if an attacker were able to create a malicious file located at C:\Program.exe. This is usually not possible for a low-privileged user account.

Nonetheless, I recommend quoting the service path for security best practices.


Thanks, will be fixed in the next release.
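
An audit check for the condition reported in this issue, added here as an example and not taken from the impulse-xdr code base: it parses a service `ImagePath` value, reports the earlier paths Windows would resolve when the executable path is unquoted and contains spaces, and returns the quoted form. The function names and the sample paths are assumptions; the sensor's real install path is not given in the issue.

```python
import re

# Heuristic: the executable ends at the first .exe/.com/.bat/.cmd that is
# followed by whitespace or the end of the string.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split a service ImagePath into (executable, arguments, quoted)."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip(), True
        value = value[1:]  # unbalanced quote: treat the rest as unquoted
    match = _EXE_END.search(value)
    if match is None:
        return value, "", False  # no extension found: treat it all as the path
    return value[:match.end()], value[match.end():].strip(), False


def ambiguous_candidates(image_path):
    """Paths Windows tries before the intended binary (empty list if safe)."""
    exe, _args, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return []
    pieces = exe.split(" ")
    # Each prefix that ends at a space is tried with ".exe" appended.
    return [" ".join(pieces[:i]) + ".exe" for i in range(1, len(pieces))]


def quoted_form(image_path):
    """Return the ImagePath with the executable wrapped in double quotes."""
    exe, args, _quoted = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")


# Constructed sample values, not the sensor's actual configuration.
SAMPLES = {
    "sensor-unquoted": r"C:\Program Files\Example Sensor\nssm.exe",
    "sensor-quoted": r'"C:\Program Files\Example Sensor\nssm.exe"',
    "no-spaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, path in SAMPLES.items():
        hits = ambiguous_candidates(path)
        print(name, "UNQUOTED" if hits else "ok", hits, "->", quoted_form(path))
```

On a live host the same functions can be fed the `ImagePath` values read from the service registry keys; every path the check returns should not exist and should sit in a directory that low-privileged users cannot write to.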