ESET fixed a serious vulnerability in its products for Windows
Antivirus company ESET has released patches and fixed a serious local privilege escalation vulnerability that affected all clients of its Windows products.
The vulnerability, identified as CVE-2021-37852 and discovered by experts from the Zero Day Initiative (ZDI), is rated as high-risk because it allows an attacker to abuse the AMSI scanning function.
The bug affects many versions of ESET NOD32 Antivirus, Internet Security, Smart Security and Smart Security Premium, Endpoint Antivirus and Endpoint Security for Windows, Server Security and File Security for Windows Server, Server Security for Azure, Security for SharePoint Server, and Mail Security for IBM Domino and for Exchange Server.
An attacker needs SeImpersonatePrivilege to exploit the bug. By default, this privilege is held by the local Administrators group and the device's local service accounts. However, since these accounts already have fairly high privileges, the impact of this bug is very limited, ESET emphasizes.
ESET released a series of patches for this issue in December 2021, followed by another batch of fixes in January 2022 (for older versions of Windows products). The company notes that the vulnerability can also be fixed in the settings by simply disabling the "Enable advanced scanning via AMSI" option. However, ESET recommends using this workaround only if installing the patches is, for some reason, not possible at all.