Home

Windows-Path-Enumerate

This script fix vulnerability “Microsoft Windows Unquoted Service Path Enumeration” (Nessus plugin ID 63155) and similar problems with uninstall strings Script modify values in the next registry keys:

• HKLM:\SYSTEM\CurrentControlSet\Services\ImagePath
• HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UninstallString
• HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UninstallString

For getting full help for latest script could be used Windows_Path_Enumerate.ps1 -Help

EXTRA IMPORTANT: Test script before use in production

What to do (First steps)

1. Start PowerShell as Administrator
2. Check PSVersion. For that run next command

    $PSVersionTable.PSVersion

• Minimum Supported Powershell version 5 (Supported OS: Windows 7 and newer, Windows Server 2008 and newer)
• If PowerShell version less that 5 you can update in next 3 steps:
  1. Update .NET Framework to maximum supported version
  2. Restart PC \ Server
  3. Update Windows Management Framework to version 5.1

3. Download or clone repo
4. Unzip archive
5. Script that doing the work is: Windows_Path_Enumerate.ps1
6. Start PowerShell, navigate to the unzipped folder and check Help
   • Example

    Set-Location "C:\Unzipped Dir\"
    .\Windows_Path_Enumerate.ps1 -Help