ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was found by the Zero Day Initiative (ZDI). It could have let attackers gain access to important files and folders without permission.
The vulnerability exploited ESET’s file operations while restoring quarantined files. Attackers could manipulate this process to create or overwrite any files, potentially granting them administrative control over the system. This privilege escalation is a significant security risk, as it enables malicious actors to circumvent safeguards and unleash chaos on a compromised machine.
By F2
/ Tuesday , June 24 2025
The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
By F2
/ Tuesday , June 24 2025
Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
By F2
/ Tuesday , June 24 2025
OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
By F2
/ Tuesday , June 24 2025
In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
By infosecbulletin
/ Monday , June 23 2025
A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
By infosecbulletin
/ Wednesday , June 18 2025
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
By infosecbulletin
/ Monday , June 16 2025
SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
Proactive Response from ESET
ESET quickly addressed the problem by releasing a fix in the Antivirus and antispyware scanner module 1610. The fix was automatically distributed to customers through regular updates from April 2024. This proactive response protected most users from the flaw before anyone could exploit it.
Who Was Affected?
The vulnerability affected a wide range of ESET products for Windows, including:
ESET NOD32 Antivirus
ESET Internet Security
ESET Smart Security Premium
ESET Security Ultimate
ESET Endpoint Security for Windows
ESET Server Security for Windows Server
ESET Mail Security for Microsoft Exchange Server
ESET Mail Security for IBM Domino
…and several other ESET business and enterprise solutions.
What Do Users Need to Do?
ESET customers who keep their products updated are already safe and don’t need to do anything else. New installations should use the latest installers from ESET’s website or repository.
20% of malware attacks bypass antivirus protection