ESET addresses a serious vulnerability that grants local privileges in Windows products.

February 18, 2024 Cybersecurity company ESET has addressed a high severity privilege escalation vulnerability in its Windows security solution. ESET have addressed a high severity privilege escalation vulnerability, tracked as CVE-2024-0353 (CVSS score 7.8), in their Windows products. The vulnerability is a localized privilege escalation issue that the company received from Zero Day Initiative (ZDI). According to a news release, an attacker could abuse ESET's real-time file operations and delete files without the necessary authorization.

"A vulnerability in the handling of file operations performed by the real-time file system protection feature on a Windows operating system potentially allowed an attacker with the ability to execute code with low privileges on the target system to delete arbitrary files under the NT AUTHORITY\SYSTEM account, elevating their privileges," the information advisory said.

ESET has no information about actual attacks that have actually occurred that exploit this vulnerability.

Here's a list of affected programs and versions:

• ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate 16.2.15.0 and earlier versions
• ESET Endpoint Antivirus for Windows and Endpoint Security for Windows 10.1.2058.0, 10.0.2049.0, 9.1.2066.0, 8.1.2052.0 and earlier versions
• ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server) 10.0.12014.0, 9.0.12018.0, 8.0.12015.0, 7.3.12011.0 and earlier versions
• ESET Mail Security for Microsoft Exchange Server 10.1.10010.0, 10.0.10017.0, 9.0.10011.0, 8.0.10022.0, 7.3.10014.0 and earlier versions
• ESET Mail Security for IBM Domino 10.0.14006.0, 9.0.14007.0, 8.0.14010.0, 7.3.14004.0 and earlier versions
• ESET Security for Microsoft SharePoint Server 10.0.15004.0, 9.0.15005.0, 8.0.15011.0, 7.3.15004.0 and earlier versions
• ESET File Security for Microsoft Azure (all versions)

The cybersecurity company has released patches to fix issues in NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus and Endpoint Security for Windows, Server Security for Windows Server, Mail Security for Exchange Server and IBM Domino, Security for SharePoint Server, File Security for Microsoft Azure. The company does not provide security patches for products that have reached end-of-use (EoL) status. The company recommends that its customers install patches as soon as possible.

Security vulnerabilities are extremely dangerous because such problems are difficult to detect and such programs operate with high authority.

In December 2023, a cybersecurity company fixed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the secure traffic scanning feature, preventing potential exploitation that could have caused web browsers to trust websites using certificates signed with outdated and insecure algorithms.