📄 الوصف (الإنجليزية)
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.
🤖 ملخص AI
CVE-2019-25302 is a local privilege escalation vulnerability in Acer Launch Manager 6.1.7600.16385 exploiting an unquoted service path in the DsiWMIService. Attackers with local access can inject malicious executables into the service path to achieve system-level code execution during service startup. While no public exploit is available, the vulnerability poses significant risk to organizations using Acer systems, particularly in government and enterprise environments where administrative access controls may be insufficient.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 27, 2026 03:06
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability primarily affects Saudi government agencies, financial institutions, and large enterprises using Acer workstations. High-risk sectors include: (1) Government/NCA — administrative workstations and secure facilities; (2) Banking/SAMA — employee workstations in financial institutions; (3) Healthcare — hospital IT infrastructure; (4) Energy sector — ARAMCO and related organizations. The vulnerability requires local access, limiting exposure but creating insider threat risks. Organizations with inadequate endpoint hardening and privilege management are most vulnerable.
🏢 القطاعات السعودية المتأثرة
Government
Banking
Healthcare
Energy
Telecommunications
Education
Enterprise IT
🎯 تقنيات MITRE ATT&CK
T1547.001 — Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.011 — Boot or Logon Autostart Execution: Services
T1134.003 — Access Token Manipulation: Make and Impersonate Token
T1548.004 — Abuse Elevation Control Mechanism: Elevated Execution with Prompt
T1574.008 — Hijack Execution Flow: DLL Search Order Hijacking
T1036.003 — Masquerading: Rename System Utilities
T1543.003 — Create or Modify System Process: Windows Service
⚖️ درجة المخاطر السعودية (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all systems running Acer Launch Manager 6.1.7600.16385 using endpoint detection tools or asset inventory systems
2. Restrict local administrative access and implement principle of least privilege
3. Disable DsiWMIService if not required for business operations
4. Monitor service startup logs for suspicious executable creation in Program Files (x86)\Launch Manager\
Patching Guidance:
1. Update Acer Launch Manager to version 6.1.7600.16386 or later
2. Verify patch installation by checking service path in Registry: HKLM\SYSTEM\CurrentControlSet\Services\DsiWMIService
3. Ensure path is quoted: "C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
Compensating Controls:
1. Implement file integrity monitoring (FIM) on C:\Program Files (x86)\Launch Manager\ directory
2. Deploy application whitelisting to prevent unauthorized executable execution
3. Enable Windows Defender Application Guard or similar sandboxing
4. Implement strict file system permissions (NTFS ACLs) on Launch Manager directory
Detection Rules:
1. Monitor for file creation in Program Files (x86)\Launch Manager\ with suspicious extensions (.exe, .dll, .scr)
2. Alert on DsiWMIService startup with modified executable path
3. Track registry modifications to HKLM\SYSTEM\CurrentControlSet\Services\DsiWMIService
4. Monitor process execution from unexpected paths with system privileges
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل Acer Launch Manager 6.1.7600.16385 باستخدام أدوات كشف نقاط النهاية أو أنظمة جرد الأصول
2. تقييد الوصول الإداري المحلي وتنفيذ مبدأ الامتياز الأدنى
3. تعطيل DsiWMIService إذا لم تكن مطلوبة للعمليات التجارية
4. مراقبة سجلات بدء تشغيل الخدمة للبحث عن إنشاء ملفات تنفيذية مريبة
إرشادات التصحيح:
1. تحديث Acer Launch Manager إلى الإصدار 6.1.7600.16386 أو أحدث
2. التحقق من تثبيت التصحيح بفحص مسار الخدمة في السجل
3. التأكد من أن المسار مقتبس بشكل صحيح
الضوابط البديلة:
1. تنفيذ مراقبة سلامة الملفات على دليل Launch Manager
2. نشر قائمة بيضاء للتطبيقات لمنع تنفيذ ملفات تنفيذية غير مصرح بها
3. تفعيل Windows Defender Application Guard أو حل حماية مماثل
4. تنفيذ أذونات نظام الملفات الصارمة على دليل Launch Manager
قواعد الكشف:
1. مراقبة إنشاء الملفات في دليل Launch Manager بامتدادات مريبة
2. التنبيه على بدء تشغيل DsiWMIService بمسار ملف تنفيذي معدل
3. تتبع تعديلات السجل على خدمة DsiWMIService
4. مراقبة تنفيذ العمليات من مسارات غير متوقعة بامتيازات النظام
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
A.5.1.1 — Policies and procedures for access control
A.5.2.1 — User registration and de-registration
A.5.3.1 — Access rights review
A.8.1.1 — Asset inventory and ownership
A.8.2.1 — Information classification
A.12.2.1 — Change management procedures
A.12.6.1 — Management of technical vulnerabilities
🔵 SAMA CSF
Governance — Asset Management and Inventory
Governance — Change Management
Protection — Access Control and Authentication
Protection — System Hardening
Detection — Vulnerability Management
Response — Incident Response Procedures
🟡 ISO 27001:2022
5.1 — Policies for information security
5.3 — Segregation of duties
6.1 — Screening
6.2 — Terms and conditions of employment
8.1 — Asset inventory
8.2 — Information classification
8.3 — Media handling
8.6 — Capacity and resource management
12.2 — Change management
12.6 — Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
2.2.4 — Configure system security parameters
6.2 — Ensure security patches are installed
11.2 — Run automated vulnerability scans