ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows.ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security and ESET Smart Security 15.0.19.0 (released on December 8, 2021).The vendor recommends that users update to these versions as soon as possible: Updates are availableĮSET has released the following fixed product versions that are not vulnerable to the vulnerability. ESET has reserved CVE-2021-37852 for this vulnerability. The attack surface can also be removed by disabling the Enable advanced scanning via AMSI option in the advanced settings of ESET products. New builds of the affected products have been created that are not vulnerable to this vulnerability. The list of affected products can be found in the ESET alert. An attacker can exploit this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.ĮSET analyzed and then verified this report. The problem results from the fact that an untrusted process can impersonate the client of a pipe. The specific vulnerability is the use of named pipes. Then, this vulnerability can allow local attackers to escalte their privileges. ZDI writes here that an attacker must first gain the ability to execute low-privileged code on the target system to exploit this vulnerability. The SeImpersonatePrivilege is available by default to the device's local administrators group and local service accounts, which are already highly privileged, limiting the impact of this vulnerability. The vulnerability allows an attacker to abuse the AMSI scanning function in certain cases.Īccording to the Zero Day Initiative (ZDI) report, an attacker who succeeds in gaining SeImpersonatePrivilege on Windows can abuse the AMSI scanning function to gain NT AUTHORITY\SYSTEM privileges in some cases. CVE-2021-37852: Local privilege escalation vulnerabilityĮSET was notified of a potential local privilege escalation vulnerability by the Zero Day Initiative (ZDI) on November 18, 2021. In the security advisory Local privilege escalation vulnerability fixed in ESET products for Windows dated January 31, 2022, the vendor ESET clarifies the details.
0 kommentar(er)
