Friday , June 28 2024
eset

ESET Issues Security Patch for Privilege Escalation Flaw

infosecbulletin 5 days ago Vulnerabilities

ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was found by the Zero Day Initiative (ZDI). It could have let attackers gain access to important files and folders without permission.

The vulnerability exploited ESET’s file operations while restoring quarantined files. Attackers could manipulate this process to create or overwrite any files, potentially granting them administrative control over the system. This privilege escalation is a significant security risk, as it enables malicious actors to circumvent safeguards and unleash chaos on a compromised machine.

Threat actor exploit vulnerabilities in Oracle WebLogic Server

By infosecbulletin / Friday , June 28 2024
Researchers said, threat actor exploiting vulnerabilities in Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via PowerShell...
Read More
Threat actor exploit vulnerabilities in Oracle WebLogic Server

TeamViewer’s internal corporate IT environment faced “irregularity “

By infosecbulletin / Friday , June 28 2024
In a statement On Wednesday, 26 June 2024, team viewer said, "our security team detected an irregularity in TeamViewer’s internal...
Read More
TeamViewer’s internal corporate IT environment faced “irregularity “

GitLab issues Critical Patches to Address Multiple Vulnerabilities

By infosecbulletin / Friday , June 28 2024
GitLab, a platform for DevOps tools, released critical updates for its Community Edition (CE) and Enterprise Edition (EE). The new...
Read More
GitLab issues Critical Patches to Address Multiple Vulnerabilities

Multiple TP-Link Omada Vulnerabilities found

By infosecbulletin / Thursday , June 27 2024
Several vulnerabilities have been found in the TP-Link Omada system, which is a popular software-defined networking solution for small to...
Read More
Multiple TP-Link Omada Vulnerabilities found

Evolve Bank Confirms Data Breach, Customer Info Exposed

By infosecbulletin / Thursday , June 27 2024
Evolve Bank & Trust experienced a cybersecurity incident. The bank confirmed that cybercriminals obtained and shared customers' personal information on...
Read More
Evolve Bank Confirms Data Breach, Customer Info Exposed

BSNL Data Breach: Data worth 278GB leaked: Report claim

By infosecbulletin / Thursday , June 27 2024
According to digital risk management firm Athenian Technology, BSNL, India's state-owned telecom provider, suffered a significant data breach. A cybercriminal...
Read More
BSNL Data Breach: Data worth 278GB leaked: Report claim

Polyfill supply chain attack hits 100K+ web sites

By infosecbulletin / Wednesday , June 26 2024
Over 100,000 websites were compromised in a recent supply chain attack. The attack injected malware into the popular Polyfill JS...
Read More
Polyfill supply chain attack hits 100K+ web sites

Patch soon! 5 WordPress Plugins Backdoored

By infosecbulletin / Wednesday , June 26 2024
A hacker changed the code of five plugins on WordPress.org to add harmful PHP scripts that make new admin accounts...
Read More
Patch soon! 5 WordPress Plugins Backdoored

CISA issued two advisories for industrial control systems

By infosecbulletin / Wednesday , June 26 2024
CISA released two advisories about Industrial Control Systems (ICS) on June 25, 2024. The advisories contain important information about security...
Read More
CISA issued two advisories for industrial control systems

CISA confirms hackers possibly access CSAT January incident

By infosecbulletin / Tuesday , June 25 2024
CISA warns that its Chemical Security Assessment Tool (CSAT) was hacked in January. Hackers used a webshell on the Ivanti...
Read More
CISA confirms hackers possibly access CSAT January incident

Proactive Response from ESET

ESET quickly addressed the problem by releasing a fix in the Antivirus and antispyware scanner module 1610. The fix was automatically distributed to customers through regular updates from April 2024. This proactive response protected most users from the flaw before anyone could exploit it.

Who Was Affected?

The vulnerability affected a wide range of ESET products for Windows, including:

ESET NOD32 Antivirus
ESET Internet Security
ESET Smart Security Premium
ESET Security Ultimate
ESET Endpoint Security for Windows
ESET Server Security for Windows Server
ESET Mail Security for Microsoft Exchange Server
ESET Mail Security for IBM Domino
…and several other ESET business and enterprise solutions.

What Do Users Need to Do?

ESET customers who keep their products updated are already safe and don’t need to do anything else. New installations should use the latest installers from ESET’s website or repository.

20% of malware attacks bypass antivirus protection

Check Also

VMware

VMware Patche vCenter Server, Cloud Foundation and vSphere ESXi

VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin