
ESET, an internet security company, has fixed a local privilege escalation vulnerability in multiple ESET products for Windows. ESET became aware of the vulnerability through coordination with Michael DePlante, a security researcher from Trend Micro’s Zero Day Initiative team, and mitigated it by releasing a fixed product version.

According to ESET, there are no existing exploits that take advantage of this vulnerability in the wild. However, they strongly urge users to upgrade to the fixed versions as soon as possible.

______________________________

A. Nature of the Vulnerability

CVE-2021-37852

In some cases, an attacker who is able to get SeImpersonatePrivilege can misuse the AMSI scanning feature to elevate to NT AUTHORITY\SYSTEM. The SeImpersonatePrivilege is by default available to the local Administrators group and the device’s Local Service accounts, which are already highly privileged and thus limit the impact of this vulnerability.

______________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Test and apply the patch to the affected ESET versions.
  • Having a good backup of the system before patching is a good practice, in case there are anomalies and issues encountered.
  • Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
  • In addition, provide and capacitate employees with cybersecurity knowledge and information to minimize the attack surface.
  • For additional information, kindly refer to the official Advisory (https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows)

______________________________

C. Affected Programs and Versions

| Product Name | Version |
|---|---|
| ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security Premium | Version 10.0.337.1 to 15.0.18.0 |
| ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows | Version 6.6.2046.0 to 9.0.2032.4 |
| ESET Server Security for Microsoft Windows Server | Version 8.0.12003.0 and 8.0.12003.1 |
| ESET File Security for Microsoft Windows Server | Version 7.0.12014.0 to 7.3.12006.0 |
| ESET Server Security for Microsoft Azure | Version 7.0.12016.1002 to 7.2.12004.1000 |
| ESET Security for Microsoft SharePoint Server | Version 7.0.15008.0 to 8.0.15004.0 |
| ESET Mail Security for IBM Domino | Version 7.0.14008.0 to 8.0.14004.0 |
| ESET Mail Security for Microsoft Exchange Server | Version 7.0.10019 to 8.0.10016.0 |
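
To triage a software inventory against the affected ranges listed above, the following Python sketch can be used; it is an added example, not part of the CERT-PH or ESET advisory. The inventory records, hostnames, and the assumption that the inventory reports product names exactly as written in the table are constructed for illustration.

```python
# Added example: flag inventory entries whose ESET version falls inside an
# affected range listed in this advisory (CVE-2021-37852).

def parse_version(text):
    """Turn '7.0.10019' or '9.0.2032.4' into a 4-part tuple, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

# (product names, first affected version, last affected version), from the table above.
AFFECTED = [
    (("ESET NOD32 Antivirus", "ESET Internet Security", "ESET Smart Security",
      "ESET Smart Security Premium"), "10.0.337.1", "15.0.18.0"),
    (("ESET Endpoint Antivirus for Windows", "ESET Endpoint Security for Windows"), "6.6.2046.0", "9.0.2032.4"),
    (("ESET Server Security for Microsoft Windows Server",), "8.0.12003.0", "8.0.12003.1"),
    (("ESET File Security for Microsoft Windows Server",), "7.0.12014.0", "7.3.12006.0"),
    (("ESET Server Security for Microsoft Azure",), "7.0.12016.1002", "7.2.12004.1000"),
    (("ESET Security for Microsoft SharePoint Server",), "7.0.15008.0", "8.0.15004.0"),
    (("ESET Mail Security for IBM Domino",), "7.0.14008.0", "8.0.14004.0"),
    (("ESET Mail Security for Microsoft Exchange Server",), "7.0.10019", "8.0.10016.0"),
]

def is_affected(product, version):
    """True if product/version is inside an affected range from the advisory."""
    v = parse_version(version)
    name = product.strip().lower()
    for names, first, last in AFFECTED:
        if name in (n.lower() for n in names):
            return parse_version(first) <= v <= parse_version(last)
    return False  # product not listed in the advisory

def triage(inventory):
    """Return hostnames that still need the fixed ESET build."""
    return [host for host, product, version in inventory if is_affected(product, version)]

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [
    ("ws-01", "ESET Endpoint Security for Windows", "8.1.2037.2"),
    ("ws-02", "ESET Endpoint Security for Windows", "9.0.2046.0"),
    ("mx-01", "ESET Mail Security for Microsoft Exchange Server", "7.0.10019.0"),
    ("fs-01", "ESET File Security for Microsoft Windows Server", "7.3.12008.0"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Versions with fewer than four components, such as the Exchange Server lower bound, are zero-padded before comparison so that three-part and four-part strings compare consistently.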