ESET has released a bunch of product updates across the stack which fix a local privilege escalation (LPE) vulnerability that affected its products. The problem stemmed in the Windows Antimalware Scan Interface (AMSI) scanning feature, and the exploitation of it by threat actors could lead to LPE.
The firm says:
[...] an attacker who is able to get SeImpersonatePrivilege can misuse the AMSI scanning feature to elevate to NT AUTHORITY\SYSTEM in some cases.
ESET was made aware of the flaw by Trend Micro's Zero Day Initiative (ZDI) and the vulnerability has been assigned the ID CVE-2021-37852.
The following builds of the respective ESET products have the problem patched and ESET has encouraged users to update to these product versions:
-
ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security and ESET Smart Security 15.0.19.0 (released on December 8, 2021)
-
ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 9.0.2032.6 and 9.0.2032.7 (released on December 16, 2021)
-
ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 8.0.2028.3, 8.0.2028.4, 8.0.2039.3, 8.0.2039.4, 8.0.2044.3, 8.0.2044.4, 8.1.2031.3, 8.1.2031.4, 8.1.2037.9 and 8.1.2037.10 (released on January 25, 2022)
-
ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 7.3.2055.0 and 7.3.2055.1 (released on January 31, 2022)
-
ESET Server Security for Microsoft Windows Server 8.0.12010.0 (released on December 16, 2021)
-
ESET File Security for Microsoft Windows Server 7.3.12008.0 (released on January 12, 2022)
-
ESET Security for Microsoft SharePoint Server 8.0.15006.0 (released on December 16, 2021)
-
ESET Security for Microsoft SharePoint Server 7.3.15002.0 (released on January 12, 2022)
-
ESET Mail Security for IBM Domino 8.0.14006.0 (released on December 16, 2021)
-
ESET Mail Security for IBM Domino 7.3.14003.0 (released on January 26, 2021)
-
ESET Mail Security for Microsoft Exchange Server 8.0.10018.0 (released on December 16, 2021)
-
ESET Mail Security for Microsoft Exchange Server 7.3.10014.0 (released on January 26, 2022)
Users of ESET Server Security for Microsoft Azure are advised to upgrade ESET File Security for Microsoft Azure to the latest version of ESET Server Security for Microsoft Windows Server.
You can find more information on ESET's support page here.
ESET releases crucial product updates that fix security vulnerabilities for Windows AMSI
- aum and kkwong7878
- 2
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.