Pierluigi Paganini February 18, 2024
ESET addressed a high-severity vulnerability, tracked as CVE-2024-0353 (CVSS score 7.8), in its Windows products.
The vulnerability is a local privilege escalation issue that was submitted to the company by the Zero Day Initiative (ZDI). According to the advisory, an attacker can misuse ESET’s file operations, as performed by the Real-time file system protection, to delete files without having the proper permission.
“The vulnerability in file operations handling, performed by the Real-time file system protection feature on the Windows operating system, potentially allowed an attacker with an ability to execute low-privileged code on the target system to delete arbitrary files as NT AUTHORITY\SYSTEM, escalating their privileges.” reads the advisory.
ESET is not aware of attacks in the wild exploiting this vulnerability.
Below is the list of impacted programs and versions:
The cybersecurity firm has released patches to address the issues in NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus and Endpoint Security for Windows, Server Security for Windows Server, Mail Security for Exchange Server and IBM Domino, Security for SharePoint Server, File Security for Microsoft Azure.
The security firm hasn’t provided security patches for products that reached their end-of-life (EoL) status.
The company recommended customers patch their products as soon as possible.
Vulnerabilities in security solutions are very dangerous because these issues are difficult to detect and because these software solutions run with high privileges.
In December 2023, the cybersecurity firm addressed a vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature, preventing potential exploitation that could lead web browsers to trust websites using certificates signed with outdated and insecure algorithms.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, privilege escalation)