Cool Audit

ESET Security Products for Windows Vulnerable to Privilege Escalation

ESET, a leading cybersecurity company, recently addressed a local privilege escalation vulnerability in its Windows security products.

The Zero Day Initiative (ZDI) reported the vulnerability to ESET.

It could have allowed attackers to misuse ESET’s file operations during a restore from quarantine, potentially leading to local privilege escalation through arbitrary file creation.

CVE-2024-2003 – Vulnerability Details

The vulnerability, CVE-2024-2003, would have allowed a user logged on to the system to perform a privilege escalation attack by planting malicious files in specific folders.

ESET’s service could later misuse these files during file operations initiated by a user with administrative privileges, allowing the attacker to create or overwrite arbitrary files.
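The article does not describe ESET's internals, so the following is an added illustration of the general defensive pattern for this bug class, not ESET's code: a privileged restore routine that refuses to write through, or over, anything already planted in the destination folder. It uses POSIX calls from Python; `safe_restore`, `UnsafeRestore`, `demo` and all file names are hypothetical, and the scenario is constructed.

```python
import os
import tempfile

class UnsafeRestore(Exception):
    """The restore destination may have been prepared by another user."""

def safe_restore(data: bytes, dest_dir: str, name: str) -> str:
    """Hypothetical helper: write restored content to dest_dir/name without
    following links or reusing an entry that was planted in advance."""
    if name in ("", ".", "..") or os.path.basename(name) != name:
        raise UnsafeRestore("name must be a single path component")
    try:
        # Reject a link as the final path component (parents are not checked here).
        dir_fd = os.open(dest_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeRestore(f"destination is not a plain directory: {exc}") from exc
    try:
        # O_EXCL fails if any entry (file or link, even dangling) already exists,
        # so the privileged writer never overwrites or writes through it.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
    except FileExistsError as exc:
        raise UnsafeRestore("entry already exists, not overwriting") from exc
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return os.path.join(dest_dir, name)

def demo() -> dict:
    """Constructed scenario: an entry planted in the restore folder beforehand."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.cfg")
        with open(protected, "w") as fh:
            fh.write("original")
        restore_dir = os.path.join(root, "restore")
        os.mkdir(restore_dir)
        os.symlink(protected, os.path.join(restore_dir, "planted.doc"))
        try:
            safe_restore(b"restored bytes", restore_dir, "planted.doc")
            blocked = False
        except UnsafeRestore:
            blocked = True
        with open(protected) as fh:
            untouched = fh.read() == "original"
        path = safe_restore(b"restored bytes", restore_dir, "clean.doc")
        with open(path, "rb") as fh:
            restored = fh.read() == b"restored bytes"
    return {"blocked": blocked, "untouched": untouched, "restored": restored}
```

Calling `demo()` shows the planted entry being refused, the protected file left unchanged, and a restore to an unused name succeeding.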

The vulnerability has a CVSS v3.1 score of 7.3, indicating a high severity level.

Upon receiving the vulnerability report, ESET promptly addressed the issue by releasing a fix in the Antivirus and antispyware scanner module 1610.

The updated module was automatically distributed to ESET customers along with Detection engine updates.

The distribution process began for pre-release users on April 10, 2024, followed by batches for the general public on April 17, 2024, and a full release on April 22, 2024.

Impact on ESET Customers

According to ESET, no exploits taking advantage of this vulnerability have been observed in the wild.

Customers with regularly updated ESET products do not need to take any action based on this vulnerability report, as the Antivirus and antispyware scanner module update has automatically patched existing installed products.

For new installations, ESET recommends using the latest installers available on its official website or repository.

The affected programs include various ESET security products for Windows, such as ESET NOD32 Antivirus, ESET Internet Security, ESET Endpoint Antivirus, ESET Server Security, and ESET Mail Security for Microsoft Exchange Server.

ESET’s swift response to the vulnerability report demonstrates the company’s commitment to ensuring the security of its products and protecting its customers from potential threats.