INITIALIZING
📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global data_breach Government CRITICAL 7h Global ransomware Financial Services / Cybersecurity CRITICAL 8h Global vulnerability Information Technology / Cybersecurity CRITICAL 10h Global malware Energy and Utilities CRITICAL 10h Global ransomware Multiple sectors CRITICAL 11h Global vulnerability Industrial Control Systems / IoT / Infrastructure CRITICAL 13h Global supply_chain Information Technology and Critical Infrastructure CRITICAL 14h Global phishing Multiple sectors HIGH 14h Global insider Cybersecurity Services CRITICAL 14h Global ransomware Multiple sectors (U.S. companies) CRITICAL 15h Global data_breach Government CRITICAL 7h Global ransomware Financial Services / Cybersecurity CRITICAL 8h Global vulnerability Information Technology / Cybersecurity CRITICAL 10h Global malware Energy and Utilities CRITICAL 10h Global ransomware Multiple sectors CRITICAL 11h Global vulnerability Industrial Control Systems / IoT / Infrastructure CRITICAL 13h Global supply_chain Information Technology and Critical Infrastructure CRITICAL 14h Global phishing Multiple sectors HIGH 14h Global insider Cybersecurity Services CRITICAL 14h Global ransomware Multiple sectors (U.S. companies) CRITICAL 15h Global data_breach Government CRITICAL 7h Global ransomware Financial Services / Cybersecurity CRITICAL 8h Global vulnerability Information Technology / Cybersecurity CRITICAL 10h Global malware Energy and Utilities CRITICAL 10h Global ransomware Multiple sectors CRITICAL 11h Global vulnerability Industrial Control Systems / IoT / Infrastructure CRITICAL 13h Global supply_chain Information Technology and Critical Infrastructure CRITICAL 14h Global phishing Multiple sectors HIGH 14h Global insider Cybersecurity Services CRITICAL 14h Global ransomware Multiple sectors (U.S. companies) CRITICAL 15h
Vulnerabilities

CVE-2021-47852

High
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the Rocks
CWE-276 — Weakness Type
Published: Jan 21, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
8.8
🔗 NVD Official
📄 Description (English)

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.

🤖 AI Executive Summary

CVE-2021-47852 is a privilege escalation vulnerability in Rockstar Games Launcher 1.0.37.349 affecting Windows systems where weak file permissions on the RockstarService.exe allow authenticated users to replace it with malicious code. This enables attackers to execute arbitrary code with SYSTEM privileges and create administrator accounts. While no public exploit exists, the vulnerability poses significant risk to organizations where gaming platforms are installed on corporate or critical infrastructure systems.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 22, 2026 02:00
🇸🇦 Saudi Arabia Impact Assessment
While Rockstar Games Launcher is primarily a consumer application, Saudi organizations face risk in: (1) Government agencies and NCA facilities where employee workstations may have gaming software installed, creating lateral movement vectors; (2) Banking and SAMA-regulated institutions where privilege escalation could compromise financial systems if installed on administrative workstations; (3) Energy sector (ARAMCO, utilities) where gaming software on operational technology networks poses supply chain risk; (4) Telecom operators (STC, Mobily) where this could affect employee infrastructure; (5) Educational institutions and research centers. The vulnerability is particularly concerning in environments with shared workstations or BYOD policies.
🏢 Affected Saudi Sectors
Government Banking and Financial Services Energy and Utilities Telecommunications Healthcare Education and Research Defense and Security
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:

1. Identify all systems with Rockstar Games Launcher 1.0.37.349 installed using endpoint detection tools or software inventory systems

2. Restrict file system permissions on C:\Program Files\Rockstar Games\Launcher\RockstarService.exe to SYSTEM and Administrators only (remove Authenticated Users modify permissions)

3. Disable or uninstall Rockstar Games Launcher from corporate/critical infrastructure systems

4. Review Windows Event Logs (Security, System) for unauthorized service modifications or new administrator account creation



Patching Guidance:

1. Update Rockstar Games Launcher to version 1.0.37.350 or later immediately

2. Verify patch installation by checking file permissions post-update

3. Restart affected systems to ensure service reloads with correct permissions



Compensating Controls (if patching delayed):

1. Implement Application Whitelisting (AppLocker/Windows Defender Application Control) to restrict RockstarService.exe execution

2. Enable Windows Defender for Real-time Protection with behavior monitoring

3. Configure File Integrity Monitoring (FIM) on RockstarService.exe to alert on modifications

4. Implement privileged access management (PAM) to monitor and restrict service account usage

5. Use Group Policy to prevent service executable modification via NTFS permissions enforcement



Detection Rules:

- Monitor for RockstarService.exe file modifications (creation time, hash changes)

- Alert on new local administrator account creation

- Track service restart events for RockstarService

- Monitor for unusual process execution from Rockstar Games directory with elevated privileges
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تحتوي على Rockstar Games Launcher 1.0.37.349 باستخدام أدوات كشف نقاط النهاية أو أنظمة جرد البرامج

2. تقييد أذونات نظام الملفات على C:\Program Files\Rockstar Games\Launcher\RockstarService.exe لـ SYSTEM والمسؤولين فقط (إزالة أذونات تعديل المستخدمين المصرحين)

3. تعطيل أو إلغاء تثبيت Rockstar Games Launcher من أنظمة البنية التحتية الحرجة والشركات

4. مراجعة سجلات Windows Event (الأمان والنظام) للتحقق من التعديلات غير المصرح بها على الخدمة أو إنشاء حسابات مسؤول جديدة



إرشادات التصحيح:

1. تحديث Rockstar Games Launcher إلى الإصدار 1.0.37.350 أو أحدث فوراً

2. التحقق من تثبيت التصحيح بفحص أذونات الملفات بعد التحديث

3. إعادة تشغيل الأنظمة المتأثرة لضمان إعادة تحميل الخدمة بالأذونات الصحيحة



الضوابط البديلة (إذا تأخر التصحيح):

1. تنفيذ قائمة التطبيقات المسموحة (AppLocker/Windows Defender Application Control) لتقييد تنفيذ RockstarService.exe

2. تفعيل Windows Defender للحماية في الوقت الفعلي مع مراقبة السلوك

3. تكوين مراقبة سلامة الملفات (FIM) على RockstarService.exe للتنبيه عند التعديلات

4. تنفيذ إدارة الوصول المميز (PAM) لمراقبة وتقييد استخدام حساب الخدمة

5. استخدام Group Policy لمنع تعديل ملف الخدمة القابل للتنفيذ من خلال فرض أذونات NTFS



قواعد الكشف:

- مراقبة تعديلات ملف RockstarService.exe (وقت الإنشاء وتغييرات التجزئة)

- التنبيه عند إنشاء حساب مسؤول محلي جديد

- تتبع أحداث إعادة تشغيل الخدمة لـ RockstarService

- مراقبة تنفيذ العمليات غير العادية من دليل Rockstar Games بامتيازات مرتفعة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures A.6.1.1 - Access control policy A.6.2.1 - User registration and de-registration A.6.2.2 - User access provisioning A.8.2.1 - User endpoint devices A.8.2.3 - Segregation of networks A.12.6.1 - Management of technical vulnerabilities
🔵 SAMA CSF
Governance (GV) - GV-RO-01: Risk and Compliance Management Governance (GV) - GV-SC-01: Supply Chain Risk Management Protect (PR) - PR-AC-01: Access Control Protect (PR) - PR-AC-02: Privileged Access Management Protect (PR) - PR-PT-01: Protection Technology Detect (DE) - DE-CM-01: Configuration and Vulnerability Management
🟡 ISO 27001:2022
5.3 - Segregation of duties 6.1.2 - Competence 6.5.1 - Information security controls 8.1.1 - Inventory of assets 8.2.1 - User endpoint devices 8.3.1 - Cryptography 8.6.1 - Management of technical vulnerabilities A.5.1.1 - Policies for information security A.6.2.1 - User registration and de-registration A.8.2.1 - User endpoint devices
🟣 PCI DSS v4.0
1.1 - Firewall configuration standards 2.1 - Default security parameters 6.2 - Security patches and updates 7.1 - Limit access to system components 8.1 - User identification and authentication 8.2 - Strong authentication methods
📊 CVSS Score
8.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score8.8
CWECWE-276
EPSS0.03%
Exploit No
Patch ✓ Yes
Published 2026-01-21
Source Feed nvd
Views 2
🇸🇦 Saudi Risk Score
7.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-276
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.