In episode #341 of the 7 Minute Security podcast I talked about how to identify - and remediate - the unquoted service path vulnerabilities you might see pop up on a vulnerability scan. Here's the breakdown of resources that will help you understand and fix this pesky vuln:
Here's a great article describing unquoted service paths and why they're a risk to your enterprise.
If you want to create a fake service with unquoted service paths so you can then test fixing it, check out this gist which has you run something like the following:
New-Service -Name 'TotesFakeService' -BinaryPathName 'C:\program files\system32\something.exe' -DisplayName 'Totes Fake Dude' -StartupType Manual
Download this script and import it into your machine, then run
Fix-ServicePathto seek out and destroy (er, fix) any unquoted service paths on your machine.
To really bury the hatchet, reboot your machine and ensure all service start up cleanly, and you could even rescan it with Nessus/Qualys/etc. to make sure unquoted service path (Nessus plugin ID 63155) doesn't show up anymore. Or, for a quicker command line check, run this:
wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
The results should be "empty" if all service paths are properly quoted.