ESET Security Products for Windows Vulnerable to Privilege Escalation

ESET, a main cybersecurity company, not too prolonged ago addressed a local privilege escalation vulnerability in its Windows security merchandise.

The Zero Day Initiative (ZDI) reported the vulnerability to ESET.

It need to even contain allowed attackers to misuse ESET’s file operations all the draw by a restore operation from quarantine, potentially main to an Arbitrary File Advent Local Privilege Escalation.

CVE-2024-2003 – Vulnerability Necessary elements

The vulnerability, CVE-2024-2003, would contain allowed a user logged on to the system to acquire a privilege escalation assault by planting malicious files in explicit folders.

ESET’s carrier also can later misuse these files all the draw by file operations initiated by a user with administrative privileges, allowing the attacker to fetch or overwrite arbitrary files.

The vulnerability has a CVSS v3.1 fetch of 7.3, indicating a high severity level.

Upon receiving the vulnerability document, ESET promptly addressed the bid by releasing a repair within the Antivirus and antispyware scanner module 1610.

The as much as this level module became as soon as automatically dispensed to ESET customers alongside side Detection engine updates.

The distribution process began for pre-free up users on April 10, 2024, adopted by batches for most of the folk on April 17, 2024, and a fat free up on April 22, 2024.

Impact on ESET Possibilities

In step with ESET, no present exploits had been noticed taking support of this vulnerability within the wild.

Possibilities with incessantly as much as this level ESET merchandise originate not need to rob any motion in line with this vulnerability document, as the Antivirus and antispyware scanner module update has automatically patched present installed merchandise.

For new installations, ESET recommends the use of the latest installers available on their reliable web arrangement or repository.

The affected functions encompass varied ESET security merchandise for Windows, equivalent to ESET NOD32 Antivirus, ESET Web Safety, ESET Endpoint Antivirus, ESET Server Safety, and ESET Mail Safety for Microsoft Substitute Server.

ESET’s swift response to the vulnerability document demonstrates the company’s dedication to making positive the protection of its merchandise and protecting its customers from doable threats.