Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

ESET fixed a serious vulnerability in its products for Windows

Now Reading
ESET fixed a serious vulnerability in its products for Windows

Antivirus company ESET has released patches and fixed a serious local privilege escalation vulnerability that affected all clients of its Windows products.

The vulnerability, identified as CVE-2021-37852 and discovered by experts from the Zero Day Initiative (ZDI), is rated as high-risk because it allows an attacker to abuse the AMSI scanning function.

This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.specialists of the Zero Day Initiative said.

The bug affects many versions of ESET NOD32 Antivirus, Internet Security, Smart Security and Smart Security Premium, Endpoint Antivirus and Endpoint Security for Windows, Server Security and File Security for Windows Server, Server Security for Azure, Security for SharePoint Server, and Mail Security for IBM Domino and for Exchange Server.

An attacker who can gain [rights on] SeImpersonatePrivilege, in some cases, is able to use the AMSI scan function to elevate privileges to NT AUTHORITY\SYSTEM.explains ESET.

By default, the local Administrators group and the local device service accounts have access to SeImpersonatePrivilege. However, since these accounts already have fairly high privileges, the impact of this error is very limited, ESET emphasizes.

ESET released a series of patches for this issue in December 2021, followed by another batch of fixes in January 2022 (for older versions of Windows products). The company notes that the vulnerability can also be fixed in the settings by simply disabling the Enable advanced scanning via AMSI option, however, ESET recommends using this workaround only if installing patches for some reason is not possible at all.

Let me remind you that we also talked about the fact that Windows Defender fixed 12-year-old vulnerability, and also that Google Play Protect fails AV-TEST checks again.

What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Vladimir Krasnogolovy
Leave a response

Leave a Response