ESET has recently released patches to fix a local privilege escalation vulnerability found in all the clients of its Windows products that allows threat actors to escalate privileges and execute arbitrary code.
The cybersecurity analysts at Zero Day Initiative (ZDI) identified the vulnerability on November 18, 2021, and it is tracked as “CVE-2021-37852”; it is rated as important in terms of severity because it allows threat actors to exploit the AMSI scanning function.
After identifying and tracking this vulnerability, the ZDI team immediately reported it to ESET.
Flaw Profile
- CVE ID: CVE-2021-37852
- CVSS SCORE: 7.0, (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
- AFFECTED VENDORS: ESET
- AFFECTED PRODUCTS: Endpoint Antivirus
- DESCRIPTION: ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability.
- DISCLOSURE TIMELINE: 2021-06-18 – Vulnerability reported to vendor & 2022-01-31 – Coordinated public release of advisory.
- FINDING CREDIT: Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative.
Affected Applications
Below are all the affected ESET programs along with their respective versions:
- ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security Premium from version 10.0.337.1 to 15.0.18.0
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows from version 6.6.2046.0 to 9.0.2032.4
- ESET Server Security for Microsoft Windows Server 8.0.12003.0 and 8.0.12003.1, ESET File Security for Microsoft Windows Server from version 7.0.12014.0 to 7.3.12006.0
- ESET Server Security for Microsoft Azure from version 7.0.12016.1002 to 7.2.12004.1000
- ESET Security for Microsoft SharePoint Server from version 7.0.15008.0 to 8.0.15004.0
- ESET Mail Security for IBM Domino from version 7.0.14008.0 to 8.0.14004.0
- ESET Mail Security for Microsoft Exchange Server from version 7.0.10019 to 8.0.10016.0
Here’s what ESET said:
“An attacker who can obtain SeImpersonatePrivilege rights will be able to exploit the AMSI scan function to elevate privileges to NT AUTHORITY\SYSTEM.”
The local Administrators group and the local system service accounts have access to SeImpersonatePrivilege by default. However, these accounts already have relatively high privileges, so the impact of this flaw is very limited.
Solutions
ESET has also prepared a list of fixed product versions that are not vulnerable:
- ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security 15.0.19.0 (released on December 8, 2021)
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 9.0.2032.6 and 9.0.2032.7 (released on December 16, 2021)
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 8.0.2028.3, 8.0.2028.4, 8.0.2039.3, 8.0.2039.4, 8.0.2044.3, 8.0.2044.4, 8.1.2031.3, 8.1.2031.4, 8.1.2037.9 and 8.1.2037.10 (released on January 25, 2022)
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 7.3.2055.0 and 7.3.2055.1 (released on January 31, 2022)
- ESET Server Security for Microsoft Windows Server 8.0.12010.0 (released on December 16, 2021)
- ESET File Security for Microsoft Windows Server 7.3.12008.0 (released on January 12, 2022)
- ESET Security for Microsoft SharePoint Server 8.0.15006.0 (released on December 16, 2021)
- ESET Security for Microsoft SharePoint Server 7.3.15002.0 (released on January 12, 2022)
- ESET Mail Security for IBM Domino 8.0.14006.0 (released on December 16, 2021)
- ESET Mail Security for IBM Domino 7.3.14003.0 (released on January 26, 2021)
- ESET Mail Security for Microsoft Exchange Server 8.0.10018.0 (released on December 16, 2021)
- ESET Mail Security for Microsoft Exchange Server 7.3.10014.0 (released on January 26, 2022)
A series of patches for this bug was released in December 2021, followed by another batch in January 2022 for all the older versions of the Windows products.
Apart from this, the issue can be fixed by simply disabling the “Enable advanced scanning via AMSI” option in the settings; ESET recommends this workaround only for users who are unable to install the available patches.
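The affected ranges and fixed builds listed above can be checked against a software inventory. The following is an added example, not code from ESET or ZDI; it covers four of the listed products, and the host names and inventory rows are constructed.

```python
def parse(version, width=4):
    """Turn '7.0.10019' into (7, 0, 10019, 0) so builds compare numerically."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

# product -> (affected (first, last) ranges, fixed builds); values copied from the article.
ADVISORY = {
    "ESET Endpoint Antivirus for Windows": (
        [("6.6.2046.0", "9.0.2032.4")],
        ["9.0.2032.6", "9.0.2032.7", "8.0.2028.3", "8.0.2028.4", "8.0.2039.3",
         "8.0.2039.4", "8.0.2044.3", "8.0.2044.4", "8.1.2031.3", "8.1.2031.4",
         "8.1.2037.9", "8.1.2037.10", "7.3.2055.0", "7.3.2055.1"],
    ),
    "ESET NOD32 Antivirus": ([("10.0.337.1", "15.0.18.0")], ["15.0.19.0"]),
    "ESET Mail Security for IBM Domino": (
        [("7.0.14008.0", "8.0.14004.0")], ["8.0.14006.0", "7.3.14003.0"]),
    "ESET Mail Security for Microsoft Exchange Server": (
        [("7.0.10019", "8.0.10016.0")], ["8.0.10018.0", "7.3.10014.0"]),
}

def triage(product, version):
    """Return 'fixed', 'affected', 'unlisted' or 'unknown-product'."""
    if product not in ADVISORY:
        return "unknown-product"
    ranges, fixed = ADVISORY[product]
    v = parse(version)
    # Fixed builds on older branches (7.3.x, 8.x) fall inside the affected
    # range, so the fixed list has to be consulted before the range test.
    if v in {parse(f) for f in fixed}:
        return "fixed"
    if any(parse(lo) <= v <= parse(hi) for lo, hi in ranges):
        return "affected"
    return "unlisted"  # the article says nothing about this build

# Constructed inventory rows (host, product, version); not real data.
INVENTORY = [
    ("ws-014", "ESET Endpoint Antivirus for Windows", "8.1.2037.2"),
    ("ws-015", "ESET Endpoint Antivirus for Windows", "8.1.2037.10"),
    ("mx-01", "ESET Mail Security for Microsoft Exchange Server", "7.0.10019"),
    ("home-3", "ESET NOD32 Antivirus", "15.0.19.0"),
]

def report(rows):
    """Attach a triage verdict to every inventory row."""
    return [(host, prod, ver, triage(prod, ver)) for host, prod, ver in rows]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row, sep="\t")
```

Builds are compared as integer tuples because a string comparison would sort 8.1.2037.10 before 8.1.2037.9.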