Task Scheduler task issue? [CLOSED - NO ISSUE]

Started by Nurple, June 14, 2015, 08:44:56 AM


Nurple

Heya, I noticed the path to ProcessGovernor.exe in Task Scheduler is unquoted. I fix it myself every install/update as it gets reset.

Not sure if Task Scheduler is affected like services are, etc.

http://www.commonexploits.com/unquoted-service-paths/

Jeremy Collake

For governor running as a service, this was resolved long ago, and quotes added to the pathname. The theoretical exploit it could cause is very theoretical. On all NT6+ systems, a user would first have to get elevated rights to place a file in a location like "c:\program.exe", which would have to be a service executable, and if they had that right, they could also do just about anything else. So, it's severity 1 of 10, if that, but we did fix it.

Now, for the question asked:

As for the Task Scheduler, quoted paths are NOT used there. They aren't necessary because of the way the command is used by the Task Scheduler. You can check other system Tasks and you'll see the same.

For services, this is only necessary because they are backed by the registry, and due to the way they were originally implemented. That is something I will fix, but it's really not a serious issue, only a nit-picky one that has no real-world practical exploitation. Still I prefer to do things right, so will change this.

Attached is a screenshot showing Microsoft Office's Task Scheduler Action, which is not quoted, again because it's not necessary since the parameter is clearly defined as a whole entity, and treated as such by the Task Scheduler that launches it.

This is probably why when you place quotes there they are lost. That's not Process Lasso's doing, so much as the Task Scheduler's (though either could cause them to disappear as Lasso does recreate its start entries during reinstall or auto-start config change).
Software Engineer. Bitsum LLC.

edkiefer

I had a quick look and I don't see any Scheduler tasks with quoted paths.

With services, there are, but very mixed results even from the same vendor.
Like Intel, many had quotes but some didn't, and just about all MS services with the Svchost xxx had none.

I don't know how you would change it, other than doing reg edits of services or using a script.
Bitsum QA Engineer

Jeremy Collake

I actually forgot --- this issue was *already* resolved for the service: Meaning the service EXE already has quotes around it in the registry.

But, that wasn't even the question. The question was if the Task Scheduler has the same vulnerability. NO, it does not. Quotes may not even be allowed there.

Thus, closing this report.
Software Engineer. Bitsum LLC.

Nurple

Ah O.K, thanks for the info.

P.S. Quotes are allowed in the "Program/Script" box, but not within the "Start in (optional)" box; that causes the error 0x8007010B

http://www.networkinghowtos.com/howto/task-scheduler-error-code-0x8007010b/

Jeremy Collake

Ah, interesting, thanks for the precision Nurple!

Regardless, this isn't something we'll need to add in the Program/Script (Action) parameter, due to the way the Task Scheduler is written -- basically, it is aware of the potential vulnerability so first tries the 'whole path', instead of first trying the 'short path', if it ever tries the short path (e.g. tries c:\program files\process lasso\processlasso.exe before trying c:\program.exe) ..

EDIT: Though I will ponder on this a bit more, but I am following the standard of Microsoft, so *should* be safe doing so. For instance, if Lasso was deleted, but the Task Scheduler entry persisted, would it try the 'short path'? Dunno. Still, it's such a theoretical non-vulnerability, even for services.
Software Engineer. Bitsum LLC.
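
For the service case discussed in this thread, an added example (not code from any poster or from Bitsum) that audits service `ImagePath` strings for the unquoted-path condition. It lists the extra file locations that the documented `CreateProcess` parsing of an unquoted command line would try before the intended executable; the service names and paths are constructed sample values, and the helper names are hypothetical.

```python
import re

# Constructed sample ImagePath values (not read from a real registry).
SAMPLE_IMAGE_PATHS = {
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --run',
    "UnquotedSvc": r"C:\Program Files\Example Vendor\agent.exe --run",
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "EnvSvc": r"%SystemRoot%\System32\svchost.exe -k LocalService",
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def earlier_candidates(image_path):
    """Return the paths tried before the intended executable.

    For an unquoted command line, each space is treated as a possible end
    of the program name, left to right, and ".exe" is appended when the
    candidate has no extension. A quoted path is unambiguous.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    match = EXE_RE.match(path)
    if not match:
        return []  # no recognisable executable; nothing to report
    exe = match.group(1)
    candidates = []
    for i, ch in enumerate(exe):
        if ch == " " and exe[i - 1] != " ":
            prefix = exe[:i]
            leaf = prefix.rsplit("\\", 1)[-1]
            candidates.append(prefix if "." in leaf else prefix + ".exe")
    return candidates


def audit(image_paths):
    """Map service name -> earlier candidates, for affected services only."""
    findings = {}
    for name, image_path in image_paths.items():
        found = earlier_candidates(image_path)
        if found:
            findings[name] = found
    return findings


if __name__ == "__main__":
    for svc, paths in audit(SAMPLE_IMAGE_PATHS).items():
        print(svc, "->", paths)
```

Each reported candidate is a location to check for write access by non-administrators; quoting the `ImagePath` removes the ambiguity altogether.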