Internet security company ESET has fixed a local privilege escalation vulnerability in multiple ESET products for Windows. ESET became aware of the vulnerability through the coordination of Michael DePlante, a security researcher from Trend Micro’s Zero Day Initiative team, and mitigated it by releasing a fixed product version.
According to ESET, there are no existing exploits that take advantage of this vulnerability in the wild. However, they strongly urge users to upgrade to the fixed versions as soon as possible.
A. Nature of the Vulnerability
In some cases, an attacker who is able to get SeImpersonatePrivilege can misuse the AMSI scanning feature to elevate to NT AUTHORITY\SYSTEM. The SeImpersonatePrivilege is by default available to the local Administrators group and the device’s Local Service accounts, which are already highly privileged and thus limit the impact of this vulnerability.
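Because the precondition is holding SeImpersonatePrivilege, a useful check is to list who holds it beyond the Windows defaults. The following is an added example, not code from ESET or CERT-PH: it parses the text of a `secedit /export /areas USER_RIGHTS` export, and the baseline of default holders and the sample export are assumptions constructed for illustration.

```python
import re

# Assumed baseline: well-known SIDs that hold SeImpersonatePrivilege on a
# default Windows install. Roles such as IIS add their own groups; extend it.
DEFAULT_HOLDERS = {
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-6": "NT AUTHORITY\\SERVICE",
}

# Constructed sample of a USER_RIGHTS export (the SID ending in -1105 and the
# svc_reports account are invented). Real exports are UTF-16; read them with
# open(path, encoding="utf-16").
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,*S-1-5-21-1111111111-2222222222-3333333333-1105,svc_reports
[Version]
signature="$CHICAGO$"
Revision=1
"""

def impersonate_holders(inf_text):
    """Return the principals listed for SeImpersonatePrivilege in the export."""
    for line in inf_text.splitlines():
        m = re.match(r"\s*SeImpersonatePrivilege\s*=\s*(.*)$", line, re.I)
        if m:
            # SIDs are written as *S-1-...; unresolved entries are bare names.
            return [p.strip().lstrip("*") for p in m.group(1).split(",") if p.strip()]
    return []

def unexpected_holders(inf_text, baseline=DEFAULT_HOLDERS):
    """Principals holding the privilege that are not in the assumed baseline."""
    return [p for p in impersonate_holders(inf_text) if p.upper() not in baseline]

if __name__ == "__main__":
    for principal in unexpected_holders(SAMPLE_EXPORT):
        print("review SeImpersonatePrivilege grant:", principal)
```

Any principal this reports is an account that satisfies the vulnerability's precondition without being one of the default holders, so it is a priority for patching and for review of the grant.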
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Test and apply the fix to the affected ESET versions.
- Keep a good backup of the system before patching, in case anomalies or issues are encountered.
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- In addition, provide and equip employees with cybersecurity knowledge and information to minimize the attack surface.
- For additional information, kindly refer to the official advisory: https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
C. Affected Programs and Versions
| Program | Affected versions |
|---|---|
| ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security Premium | Version 10.0.337.1 to 220.127.116.11 |
| ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows | Version 6.6.2046.0 to 9.0.2032.4 |
| ESET Server Security for Microsoft Windows Server | Version 8.0.12003.0 and 8.0.12003.1 |
| ESET File Security for Microsoft Windows Server | Version 7.0.12014.0 to 7.3.12006.0 |
| ESET Server Security for Microsoft Azure | Version 7.0.12016.1002 to 7.2.12004.1000 |
| ESET Security for Microsoft SharePoint Server | Version 7.0.15008.0 to 8.0.15004.0 |
| ESET Mail Security for IBM Domino | Version 7.0.14008.0 to 8.0.14004.0 |
| ESET Mail Security for Microsoft Exchange Server | Version 7.0.10019 to 8.0.10016.0 |