ESET, a prominent cybersecurity firm, has successfully remedied a critical local privilege escalation vulnerability in its Windows security solution. Identified as CVE-2024-0353 with a CVSS score of 7.8, this flaw allowed attackers to exploit ESET’s file operations, particularly within the Real-time file system protection feature. By executing low-privileged code, malicious actors could delete files, posing a significant security risk. The company, informed of the vulnerability by the Zero Day Initiative, promptly addressed the issue and released patches across various products, including NOD32 Antivirus, Endpoint Security, and Server Security for Windows Server.
The vulnerability was a potential gateway for attackers to delete arbitrary files as NT AUTHORITY\SYSTEM, thus escalating their privileges. Despite the severity, ESET has not detected any active exploits in the wild. The impacted programs and versions span ESET’s extensive product range, necessitating swift action to apply the released patches. It’s crucial for users to update their systems, especially considering the inherent danger of vulnerabilities in security solutions, as they operate with elevated privileges.
ESET’s advisory listed affected products such as NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus, and Endpoint Security for Windows, among others. The security firm, however, did not provide patches for products that had reached their end-of-life status, emphasizing the importance of ongoing support. Vulnerabilities in security solutions demand immediate attention, given their potential for exploitation, and users are strongly advised to patch their products promptly to mitigate risks. This incident follows ESET’s proactive approach, as seen in their December 2023 response to a vulnerability in the Secure Traffic Scanning Feature, reinforcing their commitment to robust cybersecurity practices.
