ESET Issues Security Patch for Privilege Escalation Flaw in Windows Products

CVE-2024-2003

ESET, a leading cybersecurity provider, has addressed a high-severity vulnerability in its range of Windows security products. The flaw, designated CVE-2024-2003 (CVSS 7.3) and discovered by the Zero Day Initiative (ZDI), could have allowed attackers to escalate privileges and gain unauthorized access to sensitive files and folders.

CVE-2024-2003

What Was the Risk?

The vulnerability exploited ESET’s file operations during the restoration of quarantined files. Attackers could manipulate this process to create or overwrite arbitrary files, potentially giving them administrative control over the system. This type of privilege escalation is a serious security threat, as it allows malicious actors to bypass protections and wreak havoc on a compromised machine.

Proactive Response from ESET

Fortunately, ESET acted swiftly to address the issue. The company has released a fix in the Antivirus and antispyware scanner module 1610, which was automatically distributed to customers through regular updates starting in April 2024. The company’s proactive response ensured that the majority of users were protected from the flaw before any malicious actors could exploit it in the wild.

Who Was Affected?

The vulnerability affected a wide range of ESET products for Windows, including:

  • ESET NOD32 Antivirus
  • ESET Internet Security
  • ESET Smart Security Premium
  • ESET Security Ultimate
  • ESET Endpoint Security for Windows
  • ESET Server Security for Windows Server
  • ESET Mail Security for Microsoft Exchange Server
  • ESET Mail Security for IBM Domino
  • …and several other ESET business and enterprise solutions.

What Do Users Need to Do?

Existing ESET customers who regularly update their products are already protected and do not need to take any further action. New installations should utilize the latest installers available on ESET’s website or repository.