CVE-2020-22809: 
Windscribe vulnerability analysis and mitigation

In Windscribe v1.83 Build 20, a vulnerability was discovered in the 'WindscribeService' component that involves an Unquoted Service Path, which could facilitate privilege escalation on Windows systems. The vulnerability was disclosed on April 10, 2020 (Exploit DB).

The vulnerability exists in the WindscribeService service configuration where the service binary path is unquoted. The service runs with LocalSystem privileges, and the BINARYPATHNAME parameter points to 'C:\Program Files (x86)\Windscribe\WindscribeService.exe'. Due to the unquoted path, this creates a potential privilege escalation vector. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability allows authenticated local users to escalate privileges to SYSTEM level by exploiting the unquoted service path. This could enable an attacker to execute arbitrary commands with the highest system privileges, potentially leading to complete system compromise (Exploit DB).

The vulnerability can be mitigated by ensuring the service path is properly quoted or by upgrading to a patched version of the Windscribe software. Additionally, restricting local user permissions to modify service configurations can help prevent exploitation (NVD).