This image has an empty alt attribute; its file name is Ncert-Advisory-Template-v2-2.jpg

Internet Security Company, ESET, has fixed the local privilege escalation in multiple ESET products for Windows. Through the coordination of Michael DePlante, a security researcher from Trend Micro’s Zero Day Initiative team, ESET became aware of the vulnerability and mitigated it by releasing a fixed product version. 

According to ESET, there are no existing exploits that take advantage of this vulnerability in the wild. However, they strongly urge users to upgrade to the fixed versions as soon as possible.


A. Nature of the Vulnerability


In some cases, an attacker who is able to get SeImpersonatePrivilege can misuse the AMSI scanning feature to elevate to NT AUTHORITY\SYSTEM. The SeImpersonatePrivilege is by default available to the local Administrators group and the device’s Local Service accounts, which are already highly privileged and thus limit the impact of this vulnerability.


B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Test and apply the fixed patch to the affected ESET versions.
  • Having a good backup of the system before patching is a good practice, in case there are anomalies and issues encountered.
  • Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
  •  In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface.
  • For additional information, kindly refer to the official Advisory(


C. Affected Programs and Versions

Product NameVersion
ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security PremiumVersion 10.0.337.1 to
ESET Endpoint Antivirus for Windows and ESET Endpoint Security for WindowsVersion 6.6.2046.0 to 9.0.2032.4
ESET Server Security for Microsoft Windows ServerVersion 8.0.12003.0 and 8.0.12003.1
ESET File Security for Microsoft Windows ServerVersion 7.0.12014.0 to 7.3.12006.0
ESET Server Security for Microsoft AzureVersion 7.0.12016.1002 to 7.2.12004.1000
ESET Security for Microsoft SharePoint ServerVersion 7.0.15008.0 to 8.0.15004.0
ESET Mail Security for IBM DominoVersion 7.0.14008.0 to 8.0.14004.0
ESET Mail Security for Microsoft Exchange ServerVersion 7.0.10019 to 8.0.10016.0