-
Title
Vulnerability "Microsoft Windows Unquoted Service Path Enumeration" with the Active Roles Administration Service and the Active Roles Synchronization Service -
Description
Vulnerability "Microsoft Windows Unquoted Service Path Enumeration" is found with the following Active Roles services in version 7.0 and 7.1:
Active Roles Administration Service
Active Roles Synchronization Service
-
Cause
Product defect TF00711077.
-
Resolution
WORKAROUND
To fix the Active Roles Administration Service:
A. Open Windows Services Management console, stop the Active Roles Administration Service.
B. Open an administrator Command Prompt, run the below command.
For version 7.0
sc config ARAdminSvc binPath="\"C:\Program Files\Dell\Active Roles\7.0\Service\arssvc.exe\""For version 7.1
sc config ARAdminSvc binPath="\"C:\Program Files\Dell\Active Roles\7.1\Service\arssvc.exe\""C. From the Windows Service Management console, start the Active Roles Administration Service.
To fix the Active Roles Synchronization Service:
A. Open Windows Services Management console, stop the Active Roles Synchronization Service.
B. Open an administrator Command Prompt, run the below command.
For version 7.0
sc config arsyncsvc binPath="\"C:\Program Files\Dell\Active Roles\7.0\SyncService\SyncService.exe\""For version 7.1
sc config arsyncsvc binPath="\"C:\Program Files\Dell\Active Roles\7.1\SyncService\SyncService.exe\""C. From the Windows Service Management console, start the Active Roles Synchronization Service.
STATUS
Issue fixed in Active Roles 7.2.
-
Change Request
TF00711077 -
Additional Information
The following script can be used:
Microsoft Windows Unquoted Service Path Enumeration on Technet.com