CVE-2023-3438

Name of the Vulnerable Software and Affected Versions MOVE versions 4.10.x and earlier

Description An unquoted Windows search path vulnerability existed in the Windows install service, allowing an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.

Recommendations For MOVE versions 4.10.x and earlier, consider updating to a newer version to mitigate the risk, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the mvagtsce.exe service to minimize the risk of exploitation.