ESET File Security for Microsoft Windows Server 8.0 (released on January 12, 2022).ESET Server Security for Microsoft Windows Server 0.0 (released on December 16, 2021).ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows.
ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security 15.0.19.0 (released on December 8, 2021).Moreover, ESET has already prepared a list of fixed products that are not vulnerable, and here they are mentioned below:. But, all these accounts already have relatively high privileges, and the impact of this error is very limited. While the local Administrators group and the local device service accounts have access to SeImpersonatePrivilege by default. “An attacker who can achieve SeImpersonatePrivilege rights will be able to exploit the AMSI scan function to elevate the privileges to NT AUTHORITY\SYSTEM.” ESET Mail Security for Microsoft Exchange Server from version 9 to 6.0.ESET Mail Security for IBM Domino from version 8.0 to 4.0.ESET Security for Microsoft SharePoint Server from version 8.0 to 4.0.ESET Server Security for Microsoft Azure from version 6.1002 to 4.1000.ESET Server Security for Microsoft Windows Server 3.0 and 3.1, ESET File Security for Microsoft Windows Server from version 4.0 to 6.0.ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows from version.
ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security Premium from version 10.0.337.1 to 15.0.18.0.Here below we have mentioned all the affected programs of ESET along with their respective versions:. FINDING CREDIT: Michael DePlante of Trend Micro’s Zero Day Initiative.DISCLOSURE TIMELINE: – Vulnerability reported to vendor & – Coordinated public release of advisory.DESCRIPTION: ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability.While after detecting and tracking this vulnerability, the ZDI team immediately reported this vulnerability to ESET. The cybersecurity analysts at Zero Day Initiative (ZDI) on November 18, 2021, have identified and tracked vulnerability as “ CVE-2021-37852,” which is marked as critical in terms of severity since it allows the threat actors to exploit the AMSI scanning function.
ESET has recently published patches to fix a local privilege escalation vulnerability detected in all the clients of its Windows products that enables the threat actors to escalate privileges and execute arbitrary code.
0 kommentar(er)
