ESET, a prominent cybersecurity company, has taken swift action to address a critical security flaw affecting its Windows products. The vulnerability, tracked as CVE-2024-0353 with a CVSS score of 7.8, poses a significant risk to users.
The Vulnerability
The identified vulnerability is a local privilege escalation issue that could potentially allow an attacker to gain unauthorized access and escalate their privileges. Here are the key details:
- Submitted by Zero Day Initiative (ZDI): The flaw was responsibly disclosed to ESET by the ZDI, a well-known organization that focuses on identifying and reporting security vulnerabilities.
- Exploiting File Operations: The vulnerability lies in ESET’s Real-time file system protection feature. An attacker could misuse this functionality to manipulate file operations without proper permissions.
- Impact: By exploiting this flaw, an attacker with the ability to execute low-privileged code on a target system could delete arbitrary files, potentially compromising system integrity.
Advisory Details
The official advisory states:
“The vulnerability in file operations handling, performed by the Real-time file system protection feature on the Windows operating system, potentially allowed an attacker with an ability to execute low-privileged code on the target system to delete arbitrary files as NT AUTHORITY\SYSTEM, escalating their privileges.”
Incident Response
As of now, ESET has not observed any active attacks exploiting this vulnerability in the wild. However, the company is taking proactive measures to safeguard its users.
Impacted Programs and Versions
- ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate (Version 16.2.15.0 and earlier)
- ESET Endpoint Antivirus for Windows and Endpoint Security for Windows (Versions 10.1.2058.0, 10.0.2049.0, 9.1.2066.0, 8.1.2052.0 and earlier)
- ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server): versions 10.0.12014.0, 9.0.12018.0, 8.0.12015.0, 7.3.12011.0 and earlier from the respective version family
- ESET Mail Security for Microsoft Exchange Server: versions 10.1.10010.0, 10.0.10017.0, 9.0.10011.0, 8.0.10022.0, 7.3.10014.0 and earlier from the respective version family
- ESET Mail Security for IBM Domino: versions 10.0.14006.0, 9.0.14007.0, 8.0.14010.0, 7.3.14004.0 and earlier from the respective version family
- ESET Security for Microsoft SharePoint Server: versions 10.0.15004.0, 9.0.15005.0, 8.0.15011.0, 7.3.15004.0 and earlier from the respective version family
- ESET File Security for Microsoft Azure (all versions)
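One way to triage an inventory against the per-family thresholds listed above, as an added example (not ESET's code or tooling). It compares each build only with the threshold of its own major.minor family, which is an assumption about what "respective version family" means; the status names and the inventory rows are constructed.

```python
# Added example. Thresholds are copied from the affected-version list above;
# the "family = major.minor" rule and the status names are assumptions.
AFFECTED_UP_TO = {
    "ESET Endpoint Security for Windows":
        ["10.1.2058.0", "10.0.2049.0", "9.1.2066.0", "8.1.2052.0"],
    "ESET Server Security for Windows Server":
        ["10.0.12014.0", "9.0.12018.0", "8.0.12015.0", "7.3.12011.0"],
    "ESET Mail Security for Microsoft Exchange Server":
        ["10.1.10010.0", "10.0.10017.0", "9.0.10011.0", "8.0.10022.0", "7.3.10014.0"],
    "ESET Mail Security for IBM Domino":
        ["10.0.14006.0", "9.0.14007.0", "8.0.14010.0", "7.3.14004.0"],
    "ESET Security for Microsoft SharePoint Server":
        ["10.0.15004.0", "9.0.15005.0", "8.0.15011.0", "7.3.15004.0"],
}

def parse(version):
    """'9.0.12018.0' -> (9, 0, 12018, 0); raises ValueError on junk."""
    return tuple(int(part) for part in version.strip().split("."))

def triage(product, version):
    """Return 'affected', 'newer' (above the listed builds) or 'review'."""
    limits = AFFECTED_UP_TO.get(product)
    if limits is None:
        return "review"                      # product not in the table
    try:
        ver = parse(version)
    except ValueError:
        return "review"                      # unparseable inventory value
    by_family = {parse(v)[:2]: parse(v) for v in limits}
    limit = by_family.get(ver[:2])
    if limit is not None:                    # compare inside the same family only
        return "affected" if ver <= limit else "newer"
    if ver[:2] > max(by_family):
        return "newer"                       # family released after the listed ones
    return "review"                          # unlisted older family, possibly EOL

# Constructed inventory rows (host, product, installed version).
INVENTORY = [
    ("srv-01", "ESET Server Security for Windows Server", "9.0.12018.0"),
    ("srv-02", "ESET Server Security for Windows Server", "9.0.12019.0"),
    ("wks-07", "ESET Endpoint Security for Windows", "9.0.2046.0"),
    ("wks-09", "ESET Endpoint Security for Windows", "10.1.2058.0"),
]

def report(rows=INVENTORY):
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

A "newer" result only means the build is above the listed affected one in its family; the fixed build number should still be confirmed against the vendor advisory.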
The cybersecurity firm has promptly released patches to address this issue in the following products:
- NOD32 Antivirus
- Internet Security
- Smart Security Premium
- Security Ultimate
- Endpoint Antivirus and Endpoint Security for Windows
- Server Security for Windows Server
- Mail Security for Exchange Server and IBM Domino
- Security for SharePoint Server
- File Security for Microsoft Azure
End-of-Life Products and Urgent Patching
Despite its commitment to security, ESET has not released security patches for products that have reached their end-of-life (EOL) status. This situation underscores the importance of proactive measures to safeguard systems.
Immediate Action Required
The company strongly advises its customers to apply patches promptly. Delaying patching can leave systems vulnerable to exploitation.
Vulnerabilities within security software pose a significant threat. Here’s why:
- Elusive Detection: Detecting these issues can be challenging due to their intricate nature.
- High Privileges: Security software operates with elevated privileges, making any vulnerability particularly dangerous.
Recent Case: CVE-2023-5594
In December 2023, ESET addressed a critical vulnerability (CVE-2023-5594, CVSS score 7.5) in the Secure Traffic Scanning Feature. This fix prevents potential exploitation that could lead web browsers to inadvertently trust websites using certificates signed with outdated and insecure algorithms.
Remember, timely patching is our shield against cyber threats.