ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was found by the Zero Day Initiative (ZDI). It could have let attackers gain access to important files and folders without permission.
The vulnerability exploited ESET’s file operations while restoring quarantined files. Attackers could manipulate this process to create or overwrite any files, potentially granting them administrative control over the system. This privilege escalation is a significant security risk, as it enables malicious actors to circumvent safeguards and unleash chaos on a compromised machine.
By infosecbulletin
/ Friday , June 28 2024
Researchers said, threat actor exploiting vulnerabilities in Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via PowerShell...
Read More
By infosecbulletin
/ Friday , June 28 2024
In a statement On Wednesday, 26 June 2024, team viewer said, "our security team detected an irregularity in TeamViewer’s internal...
Read More
By infosecbulletin
/ Friday , June 28 2024
GitLab, a platform for DevOps tools, released critical updates for its Community Edition (CE) and Enterprise Edition (EE). The new...
Read More
By infosecbulletin
/ Thursday , June 27 2024
Several vulnerabilities have been found in the TP-Link Omada system, which is a popular software-defined networking solution for small to...
Read More
By infosecbulletin
/ Thursday , June 27 2024
Evolve Bank & Trust experienced a cybersecurity incident. The bank confirmed that cybercriminals obtained and shared customers' personal information on...
Read More
By infosecbulletin
/ Thursday , June 27 2024
According to digital risk management firm Athenian Technology, BSNL, India's state-owned telecom provider, suffered a significant data breach. A cybercriminal...
Read More
By infosecbulletin
/ Wednesday , June 26 2024
Over 100,000 websites were compromised in a recent supply chain attack. The attack injected malware into the popular Polyfill JS...
Read More
By infosecbulletin
/ Wednesday , June 26 2024
A hacker changed the code of five plugins on WordPress.org to add harmful PHP scripts that make new admin accounts...
Read More
By infosecbulletin
/ Wednesday , June 26 2024
CISA released two advisories about Industrial Control Systems (ICS) on June 25, 2024. The advisories contain important information about security...
Read More
By infosecbulletin
/ Tuesday , June 25 2024
CISA warns that its Chemical Security Assessment Tool (CSAT) was hacked in January. Hackers used a webshell on the Ivanti...
Read More
Proactive Response from ESET
ESET quickly addressed the problem by releasing a fix in the Antivirus and antispyware scanner module 1610. The fix was automatically distributed to customers through regular updates from April 2024. This proactive response protected most users from the flaw before anyone could exploit it.
Who Was Affected?
The vulnerability affected a wide range of ESET products for Windows, including:
ESET NOD32 Antivirus
ESET Internet Security
ESET Smart Security Premium
ESET Security Ultimate
ESET Endpoint Security for Windows
ESET Server Security for Windows Server
ESET Mail Security for Microsoft Exchange Server
ESET Mail Security for IBM Domino
…and several other ESET business and enterprise solutions.
What Do Users Need to Do?
ESET customers who keep their products updated are already safe and don’t need to do anything else. New installations should use the latest installers from ESET’s website or repository.
20% of malware attacks bypass antivirus protection