📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global supply_chain Software Development and Technology HIGH 3h Global apt Government/Critical Infrastructure CRITICAL 5h Global vulnerability Enterprise Software / Data Analytics CRITICAL 5h Global vulnerability Artificial Intelligence and Technology HIGH 9h Global general Technology and Artificial Intelligence MEDIUM 12h Global general Technology and Artificial Intelligence HIGH 13h Global vulnerability Higher Education CRITICAL 22h Global data_breach Government HIGH 23h Global supply_chain Software Development and Open Source Communities CRITICAL 23h Global malware Software Development CRITICAL 23h Global supply_chain Software Development and Technology HIGH 3h Global apt Government/Critical Infrastructure CRITICAL 5h Global vulnerability Enterprise Software / Data Analytics CRITICAL 5h Global vulnerability Artificial Intelligence and Technology HIGH 9h Global general Technology and Artificial Intelligence MEDIUM 12h Global general Technology and Artificial Intelligence HIGH 13h Global vulnerability Higher Education CRITICAL 22h Global data_breach Government HIGH 23h Global supply_chain Software Development and Open Source Communities CRITICAL 23h Global malware Software Development CRITICAL 23h Global supply_chain Software Development and Technology HIGH 3h Global apt Government/Critical Infrastructure CRITICAL 5h Global vulnerability Enterprise Software / Data Analytics CRITICAL 5h Global vulnerability Artificial Intelligence and Technology HIGH 9h Global general Technology and Artificial Intelligence MEDIUM 12h Global general Technology and Artificial Intelligence HIGH 13h Global vulnerability Higher Education CRITICAL 22h Global data_breach Government HIGH 23h Global supply_chain Software Development and Open Source Communities CRITICAL 23h Global malware Software Development CRITICAL 23h
Vulnerabilities

CVE-2020-36952

High
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service
CWE-428 — Weakness Type
Published: Jan 26, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.8
🔗 NVD Official
📄 Description (English)

IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.

🤖 AI Executive Summary

CVE-2020-36952 is a local privilege escalation vulnerability in IObit Uninstaller 10 Pro exploiting unquoted service paths, allowing authenticated users to execute arbitrary code with SYSTEM privileges. While no public exploit exists, the vulnerability is straightforward to exploit and poses significant risk to organizations using this software. Immediate patching is critical as the vulnerability enables complete system compromise through a simple local attack vector.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 07:38
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily affects Saudi organizations using IObit Uninstaller 10 Pro on Windows systems. Risk sectors include: Government agencies (NCA, CITC) using endpoint management tools; Banking sector (SAMA-regulated institutions) with administrative workstations; Healthcare organizations (MOH facilities) managing IT infrastructure; Energy sector (ARAMCO, utilities) with IT operations; Telecom companies (STC, Mobily) managing enterprise endpoints. The vulnerability is particularly dangerous in shared administrative environments common in Saudi enterprises where multiple privileged users access the same systems.
🏢 Affected Saudi Sectors
Government Banking Healthcare Energy Telecommunications IT Services Enterprise IT Operations
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all systems running IObit Uninstaller 10 Pro using endpoint detection tools or SCCM/Intune inventory

2. Restrict local administrative access to affected systems where possible

3. Disable IObit Uninstaller Service if not actively required



PATCHING:

1. Update IObit Uninstaller to version 11 or later immediately

2. Verify patch installation by checking service path in Registry (HKLM\SYSTEM\CurrentControlSet\Services\IObitUninstallerService)

3. Restart affected systems to ensure service updates take effect



COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement AppLocker/Windows Defender Application Control to restrict execution from Program Files directories

2. Monitor service startup events (Event ID 7045) for suspicious service creation

3. Restrict local administrator group membership

4. Enable Windows Defender for real-time protection



DETECTION:

1. Monitor Registry for unquoted service paths: reg query HKLM\SYSTEM\CurrentControlSet\Services /s | findstr /i "IObit"

2. Alert on service path modifications in Event Viewer (System log, Event ID 7045)

3. Monitor process creation from IObit installation directory with SYSTEM privileges

4. Implement YARA rule: detect unquoted paths in IObit service registry entries
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل IObit Uninstaller 10 Pro باستخدام أدوات كشف نقاط النهاية أو SCCM/Intune

2. تقييد الوصول الإداري المحلي للأنظمة المتأثرة حيثما أمكن

3. تعطيل خدمة IObit Uninstaller إذا لم تكن مطلوبة بنشاط



التصحيح:

1. تحديث IObit Uninstaller إلى الإصدار 11 أو أحدث فوراً

2. التحقق من تثبيت التصحيح بفحص مسار الخدمة في السجل

3. إعادة تشغيل الأنظمة المتأثرة لضمان تحديث الخدمة



الضوابط البديلة:

1. تطبيق AppLocker للتحكم في التطبيقات

2. مراقبة أحداث بدء الخدمة للكشف عن الخدمات المريبة

3. تقييد عضوية مجموعة المسؤولين المحليين

4. تفعيل Windows Defender للحماية في الوقت الفعلي



الكشف:

1. مراقبة السجل للمسارات غير المقتبسة

2. التنبيه على تعديلات مسار الخدمة

3. مراقبة إنشاء العمليات من دليل التثبيت بامتيازات SYSTEM

4. تطبيق قواعد الكشف عن المسارات غير المقتبسة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures A.8.1.1 - User access management A.8.2.1 - User registration and de-registration A.8.3.1 - User access provisioning A.9.2.1 - User access rights review A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
ID.AM-2 - Software inventory and management PR.AC-1 - Access control policy and procedures PR.AC-4 - Access rights and privileges management DE.CM-8 - Vulnerability scans RS.MI-2 - Incidents are mitigated
🟡 ISO 27001:2022
A.5.1 - Management direction for information security A.8.1 - User endpoint devices A.8.2 - Privileged access rights A.8.3 - Information access restriction A.12.6 - Management of technical vulnerabilities A.14.2 - Security requirements analysis and specification
🟣 PCI DSS v4.0.1
2.2.4 - Configure system security parameters 6.2 - Ensure security patches are installed 8.1 - Assign unique user ID 8.2 - Restrict access to system components
📊 CVSS Score
7.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorL — Low / Local
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.8
CWECWE-428
EPSS0.01%
Exploit No
Patch ✓ Yes
Published 2026-01-26
Source Feed nvd
Views 5
🇸🇦 Saudi Risk Score
7.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-428
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.