Antivirus company ESET has released patches and fixed a serious local privilege escalation vulnerability that affected all clients of its Windows products.

The vulnerability, identified as CVE-2021-37852 and discovered by experts from the Zero Day Initiative (ZDI), is rated as high-risk because it allows an attacker to abuse the AMSI scanning function.

This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from [...]