Audit Square Advisory

Table of contents:

How to properly setup PATH?

Permanent link:

https://auditsquare.com/advisory/windows/environment-variable-path

What is “PATH”?

PATH is one of many environment variables in MS Windows. It specifies a set of directories where the operating systems looks for executable programs and scripts.

In Microsoft Windows: * the value of PATH variable comprise of a list of directory names separated by semicolon (;) * you can check the PATH value from command prompt by running echo %PATH% or simply PATH * PATH variable is set on SYSTEM level + on USER level (the command echo %PATH% shows combined value - SYSTEM part goes before USER part)

Why is it a security issue?

When a command is entered in a command shell or a system call is made by a program to execute a program, the system first searches the current working directory and then searches the PATH, examining each directory from left to right, looking for an executable filename that matches the command name given. If the malware edit the PATH variable and insert its own PATH, system will execute this file. Furthermore a common filename like „cmd.exe“ can be used to trick users, although it is not the real system file, but the evil one.

How to fix it?

Using GUI

These settings must be fixed manually directly on the server/workstation. However, in the case of problematic entries in the PATH, the preferred solution is to fix directory permissions (removing the write permissions for unprivileged users and groups). In Windows 7 use the following procedure and click:

  • Start ›› Control panel ›› System ›› Advanced system settings ›› Environment Variables

Set environment variable PAT

Using a group policy

It is not possible to easy setup this policy in group policy. You can use some scripts, but it is over this manual (you can try to contact us).

Using prompt

Just run a command prompt (cmd.exe) and type PATH /? and Enter. Use help to setup a new PATH value.