📄 الوصف (الإنجليزية)
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.
🤖 ملخص AI
CVE-2021-47852 is a privilege escalation vulnerability in Rockstar Games Launcher 1.0.37.349 affecting Windows systems where weak file permissions on the RockstarService.exe allow authenticated users to replace it with malicious code. This enables attackers to execute arbitrary code with SYSTEM privileges and create administrator accounts. While no public exploit exists, the vulnerability poses significant risk to organizations where gaming platforms are installed on corporate or critical infrastructure systems.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 22, 2026 02:00
🇸🇦 التأثير على المملكة العربية السعودية
While Rockstar Games Launcher is primarily a consumer application, Saudi organizations face risk in: (1) Government agencies and NCA facilities where employee workstations may have gaming software installed, creating lateral movement vectors; (2) Banking and SAMA-regulated institutions where privilege escalation could compromise financial systems if installed on administrative workstations; (3) Energy sector (ARAMCO, utilities) where gaming software on operational technology networks poses supply chain risk; (4) Telecom operators (STC, Mobily) where this could affect employee infrastructure; (5) Educational institutions and research centers. The vulnerability is particularly concerning in environments with shared workstations or BYOD policies.
🏢 القطاعات السعودية المتأثرة
Government
Banking and Financial Services
Energy and Utilities
Telecommunications
Healthcare
Education and Research
Defense and Security
🎯 تقنيات MITRE ATT&CK
T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.011 - Boot or Logon Autostart Execution: Services
T1547.014 - Boot or Logon Autostart Execution: Active Setup
T1134.003 - Access Token Manipulation: Make and Impersonate Token
T1543.003 - Create or Modify System Process: Windows Service
T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking
T1036.005 - Masquerading: Match Legitimate Name or Location
T1078.003 - Valid Accounts: Local Accounts
⚖️ درجة المخاطر السعودية (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all systems with Rockstar Games Launcher 1.0.37.349 installed using endpoint detection tools or software inventory systems
2. Restrict file system permissions on C:\Program Files\Rockstar Games\Launcher\RockstarService.exe to SYSTEM and Administrators only (remove Authenticated Users modify permissions)
3. Disable or uninstall Rockstar Games Launcher from corporate/critical infrastructure systems
4. Review Windows Event Logs (Security, System) for unauthorized service modifications or new administrator account creation
Patching Guidance:
1. Update Rockstar Games Launcher to version 1.0.37.350 or later immediately
2. Verify patch installation by checking file permissions post-update
3. Restart affected systems to ensure service reloads with correct permissions
Compensating Controls (if patching delayed):
1. Implement Application Whitelisting (AppLocker/Windows Defender Application Control) to restrict RockstarService.exe execution
2. Enable Windows Defender for Real-time Protection with behavior monitoring
3. Configure File Integrity Monitoring (FIM) on RockstarService.exe to alert on modifications
4. Implement privileged access management (PAM) to monitor and restrict service account usage
5. Use Group Policy to prevent service executable modification via NTFS permissions enforcement
Detection Rules:
- Monitor for RockstarService.exe file modifications (creation time, hash changes)
- Alert on new local administrator account creation
- Track service restart events for RockstarService
- Monitor for unusual process execution from Rockstar Games directory with elevated privileges
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تحتوي على Rockstar Games Launcher 1.0.37.349 باستخدام أدوات كشف نقاط النهاية أو أنظمة جرد البرامج
2. تقييد أذونات نظام الملفات على C:\Program Files\Rockstar Games\Launcher\RockstarService.exe لـ SYSTEM والمسؤولين فقط (إزالة أذونات تعديل المستخدمين المصرحين)
3. تعطيل أو إلغاء تثبيت Rockstar Games Launcher من أنظمة البنية التحتية الحرجة والشركات
4. مراجعة سجلات Windows Event (الأمان والنظام) للتحقق من التعديلات غير المصرح بها على الخدمة أو إنشاء حسابات مسؤول جديدة
إرشادات التصحيح:
1. تحديث Rockstar Games Launcher إلى الإصدار 1.0.37.350 أو أحدث فوراً
2. التحقق من تثبيت التصحيح بفحص أذونات الملفات بعد التحديث
3. إعادة تشغيل الأنظمة المتأثرة لضمان إعادة تحميل الخدمة بالأذونات الصحيحة
الضوابط البديلة (إذا تأخر التصحيح):
1. تنفيذ قائمة التطبيقات المسموحة (AppLocker/Windows Defender Application Control) لتقييد تنفيذ RockstarService.exe
2. تفعيل Windows Defender للحماية في الوقت الفعلي مع مراقبة السلوك
3. تكوين مراقبة سلامة الملفات (FIM) على RockstarService.exe للتنبيه عند التعديلات
4. تنفيذ إدارة الوصول المميز (PAM) لمراقبة وتقييد استخدام حساب الخدمة
5. استخدام Group Policy لمنع تعديل ملف الخدمة القابل للتنفيذ من خلال فرض أذونات NTFS
قواعد الكشف:
- مراقبة تعديلات ملف RockstarService.exe (وقت الإنشاء وتغييرات التجزئة)
- التنبيه عند إنشاء حساب مسؤول محلي جديد
- تتبع أحداث إعادة تشغيل الخدمة لـ RockstarService
- مراقبة تنفيذ العمليات غير العادية من دليل Rockstar Games بامتيازات مرتفعة
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and de-registration
A.6.2.2 - User access provisioning
A.8.2.1 - User endpoint devices
A.8.2.3 - Segregation of networks
A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
Governance (GV) - GV-RO-01: Risk and Compliance Management
Governance (GV) - GV-SC-01: Supply Chain Risk Management
Protect (PR) - PR-AC-01: Access Control
Protect (PR) - PR-AC-02: Privileged Access Management
Protect (PR) - PR-PT-01: Protection Technology
Detect (DE) - DE-CM-01: Configuration and Vulnerability Management
🟡 ISO 27001:2022
5.3 - Segregation of duties
6.1.2 - Competence
6.5.1 - Information security controls
8.1.1 - Inventory of assets
8.2.1 - User endpoint devices
8.3.1 - Cryptography
8.6.1 - Management of technical vulnerabilities
A.5.1.1 - Policies for information security
A.6.2.1 - User registration and de-registration
A.8.2.1 - User endpoint devices
🟣 PCI DSS v4.0
1.1 - Firewall configuration standards
2.1 - Default security parameters
6.2 - Security patches and updates
7.1 - Limit access to system components
8.1 - User identification and authentication
8.2 - Strong authentication methods