Vulnerability "Microsoft Windows Unquoted Service Path Enumeration" is found with the following Active Roles services in version 7.0 and 7.1:
Active Roles Administration Service
Active Roles Synchronization Service
Product defect TF00711077.
WORKAROUND
To fix the Active Roles Administration Service:
A. Open Windows Services Management console, stop the Active Roles Administration Service.
B. Open an administrator Command Prompt, run the below command.
For version 7.0
sc config ARAdminSvc binPath="\"C:\Program Files\Dell\Active Roles\7.0\Service\arssvc.exe\""
For version 7.1
sc config ARAdminSvc binPath="\"C:\Program Files\Dell\Active Roles\7.1\Service\arssvc.exe\""
C. From the Windows Service Management console, start the Active Roles Administration Service.
To fix the Active Roles Synchronization Service:
A. Open Windows Services Management console, stop the Active Roles Synchronization Service.
B. Open an administrator Command Prompt, run the below command.
For version 7.0
sc config arsyncsvc binPath="\"C:\Program Files\Dell\Active Roles\7.0\SyncService\SyncService.exe\""
For version 7.1
sc config arsyncsvc binPath="\"C:\Program Files\Dell\Active Roles\7.1\SyncService\SyncService.exe\""
C. From the Windows Service Management console, start the Active Roles Synchronization Service.
STATUS
Issue fixed in Active Roles 7.2.
The following script can be used:
Microsoft Windows Unquoted Service Path Enumeration on Technet.com
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy