ESET Patches High-Severity Privilege Escalation Vulnerability

February 15, 2024 at 09:51AM

ESET announced patches for a high-severity vulnerability in its consumer, business, and server security products for Windows, tracked as CVE-2024-0353. The flaw could allow an attacker to delete files with System privileges. Researchers with Trend Micro’s ZDI reported the security defect, and patches were released for affected products, with customers advised to apply them promptly.

The key points are:

1. ESET announced patches for a high-severity vulnerability, identified as CVE-2024-0353, with a CVSS score of 7.8, which could lead to an elevation of privilege in its consumer, business, and server security products for Windows.

2. The vulnerability was found in the real-time file system protection feature, enabling an attacker with low privileges to delete arbitrary files with System privileges.

3. ESET stated that the security defect was reported by researchers at Trend Micro’s ZDI and that there is no evidence of in-the-wild exploitation.

4. The flaw impacts ESET’s antivirus, endpoint, and server products for Windows, as well as email security and products for Exchange Server, IBM Domino, SharePoint Server, and Azure.

5. ESET has released patches for various products, including NOD32 Antivirus, Internet Security, Endpoint Antivirus, and others for Windows, Server Security for Windows Server, Mail Security for Exchange Server and IBM Domino, and ESET Security for SharePoint Server.

6. ESET customers are advised to apply the available patches as soon as possible, because exploitation of flaws in security products could have devastating results.
