Windows AR System service allow double-quotes around ImageName registry value

On Windows, when the AR System service has double-quotes around the registry value for ImageName, the service won't start. ImageName is the registry key that exists for every Windows service; it simply holds the path to the service executable, like:

C:\Program Files\BMC Software\ARSystem\armonitor.exe

However, when surrounded by double-quotes, the service will not start, for example:

"C:\Program Files\BMC Software\ARSystem\armonitor.exe"

It is a security best practice to surround all Windows services with double-quotes to prevent a certain kind of exploit. Other Windows services accept the double-quote without issue. Customers commonly apply double-quotes, and to not do so is a security exception which is detected by security scanners like Nessus.

The registry key can be found in the registry editor at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BMC Remedy Action Request System Server <your server name>\ImagePath

For reference on the security vulnerability that the double-quoting is used to mitigate, see:

Microsoft Windows Unquoted Service Path Enumeration | Tenable Network Security

and

CWE - CWE-428: Unquoted Search Path or Element (2.5)

Thanks for your consideration!
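
The check a scanner applies to a service's ImagePath data can be sketched as follows. This is an added example, not part of the original post and not BMC or Tenable code: it flags values whose executable path contains a space and is not wrapped in double-quotes (CWE-428). The service names, the sample values other than the armonitor.exe path, the environment defaults and the extension-based heuristic for finding the executable portion are assumptions made for illustration.

```python
import re

# Assumed default values for variables that can appear in REG_EXPAND_SZ data.
DEFAULT_ENV = {"programfiles": r"C:\Program Files", "systemroot": r"C:\Windows"}

# Executable portion of an unquoted command line: the shortest prefix ending in
# a program extension that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

# Constructed sample ImagePath values keyed by hypothetical service names.
SAMPLES = {
    "ARServer-unquoted": r"C:\Program Files\BMC Software\ARSystem\armonitor.exe",
    "ARServer-quoted": r'"C:\Program Files\BMC Software\ARSystem\armonitor.exe"',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ArgsOnly": r"C:\Tools\agent.exe --config C:\My Data\agent.ini",
    "Expandable": r"%ProgramFiles%\Vendor App\svc.exe /run",
}


def expand(value, env=DEFAULT_ENV):
    """Expand %VAR% references; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), value)


def is_unquoted_with_space(image_path, env=DEFAULT_ENV):
    """True when the executable path contains a space and is not quoted."""
    value = expand(image_path.strip(), env)
    if value.startswith('"'):
        if '"' in value[1:]:
            return False      # executable path is enclosed in double-quotes
        value = value[1:]     # opening quote never closed: treat as unquoted
    match = _EXE.match(value)
    exe = match.group(1) if match else value
    return " " in exe         # spaces in arguments alone are not a finding


def audit(services):
    """Return the sorted names of services that need their ImagePath quoted."""
    return sorted(name for name, path in services.items()
                  if is_unquoted_with_space(path))


if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("unquoted path with spaces:", name)
```
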
