Unquoted Service Path in NI Service Locator

To determine if the NI Service Locator installed and to determine its version:

1. Navigate to <Program Files>\National Instruments\Shared\niSvcLoc\
   
   
   • Note: NI Service Locator is a 32-bit application. For 64-bit operating systems, 32-bit applications will be in Program Files (x86) by default, rather than Program Files.
      
2. To see the version number, hover over the file niSvcLoc.exe, or right-click on the file and select Properties >> Details tab >> view the Product Version property.

If the version is prior to 18.0.0.49152 (18.0.0.0f0), users should install the patch as described below.

To install the patch:

1. Download the ni-svcloc_20.0.0_offline.iso from the Downloads section of this page. 
2. (Optional) Compare the attached MD5 hash of the file to the published hash.
3. Distribute the .iso file to the Windows machine where you will install the patch.
4. Mount the .iso file.
5. Run the installer to install the patch.

NI strongly recommends applying the patch, however, if updating the application is not possible, the following workaround can be used as a temporary measure.  Users can manually edit ImagePath in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NiSvcLoc registry key to add quotes around the fully qualified path. 

CVE-2021-42563 – 7.3 - CVSS:3.1 /AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

NI would like to acknowledge the Lockheed Martin Red Team, among others, for reporting this issue and working with us on coordinated disclosure.

• External Link: CVE-2021-42563 - National Vulnerability Database 
• External Link: CWE-428 - Common Weakness Enumeration
• External Link: Path Interception by Unquoted Path T1574.009 – MITRE ATT&CK