📄 Description (English)
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
🤖 AI Executive Summary
Mikogo 5.2.2.150317 contains a critical unquoted service path vulnerability allowing local privilege escalation to LocalSystem. Attackers can inject malicious executables in predictable path locations to achieve code execution with highest privileges. This vulnerability poses significant risk to organizations using Mikogo for remote support and collaboration, particularly in Saudi enterprises relying on this software for secure communications.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 05:18
🇸🇦 Saudi Arabia Impact Assessment
High impact on Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), healthcare organizations (MOH), and energy sector (ARAMCO, downstream companies). Telecom operators (STC, Mobily, Zain) using Mikogo for customer support are at elevated risk. The vulnerability enables lateral movement and persistent access within critical infrastructure networks, potentially compromising sensitive financial data, government communications, and operational technology systems.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Education
Insurance
Manufacturing
🎯 MITRE ATT&CK Techniques
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys
T1547.011 - Boot or Logon Autostart Execution: Services
T1134.003 - Access Token Manipulation: Make and Impersonate Token
T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt
T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking
T1036.003 - Masquerading: Rename System Utilities
T1053.005 - Scheduled Task/Job: Scheduled Task
T1543.003 - Create or Modify System Process: Windows Service
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Mikogo 5.2.2.150317 across the organization
2. Restrict local access to systems running vulnerable Mikogo versions
3. Monitor Windows Event Logs for suspicious service path access and executable creation in system directories
PATCHING:
1. Upgrade Mikogo to version 5.2.3 or later immediately
2. Verify patch installation by checking service path configuration: sc qc Mikogo-Service
3. Restart the Mikogo service after patching
COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement strict file system permissions on C:\Program Files and C:\ root directory
2. Disable Mikogo-Service if not actively required
3. Run Mikogo service under a restricted service account instead of LocalSystem
4. Apply AppLocker/Windows Defender Application Control policies to prevent unauthorized executable execution
DETECTION RULES:
1. Monitor for file creation in C:\ root directory with .exe extension
2. Alert on Mikogo-Service restart or modification events (Event ID 7045)
3. Track process execution from unexpected paths with LocalSystem privileges
4. Monitor registry changes to HKLM\SYSTEM\CurrentControlSet\Services\Mikogo-Service
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تعمل بـ Mikogo 5.2.2.150317 في المنظمة
2. تقييد الوصول المحلي للأنظمة التي تعمل بإصدارات Mikogo الضعيفة
3. مراقبة سجلات أحداث Windows للوصول المريب إلى مسار الخدمة وإنشاء الملفات التنفيذية
التصحيح:
1. ترقية Mikogo إلى الإصدار 5.2.3 أو أحدث فوراً
2. التحقق من تثبيت التصحيح بفحص تكوين مسار الخدمة
3. إعادة تشغيل خدمة Mikogo بعد التصحيح
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تطبيق أذونات نظام الملفات الصارمة على مجلدات Program Files والجذر
2. تعطيل خدمة Mikogo إذا لم تكن مطلوبة بنشاط
3. تشغيل خدمة Mikogo تحت حساب خدمة مقيد بدلاً من LocalSystem
4. تطبيق سياسات AppLocker للتحكم في تنفيذ الملفات
قواعد الكشف:
1. مراقبة إنشاء الملفات في جذر C:\ بامتداد .exe
2. تنبيهات إعادة تشغيل أو تعديل خدمة Mikogo
3. تتبع تنفيذ العمليات من مسارات غير متوقعة بامتيازات LocalSystem
4. مراقبة التغييرات في السجل المتعلقة بخدمة Mikogo
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.5.2.1 - User access management and privilege control
A.5.3.1 - Asset management and inventory
A.5.4.1 - Access control implementation
A.5.7.1 - Cryptography and secure communications
🔵 SAMA CSF
ID.AM-1 - Asset Management
PR.AC-1 - Access Control Policy
PR.AC-4 - Access Rights Management
DE.CM-1 - System Monitoring
RS.MI-1 - Incident Response Procedures
🟡 ISO 27001:2022
A.5.1.1 - Information security policies
A.5.2.1 - User access management
A.5.3.1 - Asset management
A.5.4.1 - Access control
A.5.7.1 - Cryptography
A.8.1.1 - User endpoint devices
A.8.2.1 - Privileged access rights
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall configuration standards
Requirement 2.1 - Default security parameters
Requirement 6.2 - Security patches and updates
Requirement 7.1 - Limit access to system components
Requirement 8.1 - User identification and authentication
🔗 References & Sources 3
🔗
http://html.tucows.com/preview/518015/Mikogo?q=remote+support
disclosure@vulncheck.com
Broken Link
🔗
https://www.exploit-db.com/exploits/47510
disclosure@vulncheck.com
Exploit
VDB Entry
🔗
https://www.vulncheck.com/advisories/mikogo-mikogo-service-unquoted-service-path
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
mikogo:mikogo:5.2.150317