Plantronics + Polycom. Now together as Poly Logo

Pass-Through-App Unquoted Service - Windows 10 Security Recommendation

AlphaTrains
Occasional Contributor

Pass-Through-App Unquoted Service - Windows 10 Security Recommendation

Fix unquoted service path for Windows services

 

Description

Determines the existence on the machine of one or more services, which are configured with a path to executable that contains spaces and also isn't surrounded by quotation marks..

 

Potential risk

An attacker can exploit this misconfiguration in order to perform path interception to gain escalation of privileges and persistency on the machine.


Exposed Services
PolyTrioPassThroughConn
C:\Program Files (x86)\Poly\Poly Trio Pass-through\app\bin\Poly-Trio-Pass-through-Connector.exe

 

-

 

This is flagged on all of our clients which have the software installed. This should be resolved by Poly with an update in my opinion.

Message 1 of 1