Unquoted Path Vulnerability - please fix ASAP

Its fixed in Hitmanpro version 3.8.2 which doesn't have announced dates yet, but this version is already available as a Hotfix. Hotfix after some testing becomes a part of general release (likely in June sometime). Here is the Hotfix download link:

https://support.sophos.com/support/s/article/KB-000038477?language=en_US

For context, this article describes how to exploit this vulnerability https://gracefulsecurity.com/privesc-unquoted-service-path/

This is considered a low-risk vulnerability, as it would only succeed when all 3 of the conditions below are in effect:

1) admin access on a system in order to make c:\program.exe

2) The AV completely failed to detect program.exe

3) Whatever exploit they used to get admin rights was not blocked by Hitmanpro 

If the attacker already managed to bypass AV and has full admin access, then there is no reason for them to use this vulnerability, as they can proceed with executing the payload. 

Its fixed in Hitmanpro version 3.8.2 which doesn't have announced dates yet, but this version is already available as a Hotfix. Hotfix after some testing becomes a part of general release (likely in June sometime). Here is the Hotfix download link:

https://support.sophos.com/support/s/article/KB-000038477?language=en_US

For context, this article describes how to exploit this vulnerability https://gracefulsecurity.com/privesc-unquoted-service-path/

This is considered a low-risk vulnerability, as it would only succeed when all 3 of the conditions below are in effect:

1) admin access on a system in order to make c:\program.exe

2) The AV completely failed to detect program.exe

3) Whatever exploit they used to get admin rights was not blocked by Hitmanpro 

If the attacker already managed to bypass AV and has full admin access, then there is no reason for them to use this vulnerability, as they can proceed with executing the payload.