Summary
A report of a local privilege escalation vulnerability was submitted to ESET by the Zero Day Initiative (ZDI). The vulnerability potentially allowed an attacker to misuse ESET’s file operations, as performed by the Real-time file system protection, to delete files without having proper permission.
Details
The vulnerability in file operations handling, performed by the Real-time file system protection feature on the Windows operating system, potentially allowed an attacker with an ability to execute low-privileged code on the target system to delete arbitrary files as NT AUTHORITY\SYSTEM, escalating their privileges.
The reserved CVE ID for this vulnerability is CVE-2024-0353. The CVSS v3.1 score is 7.8 with the following CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
To the best of our knowledge, this vulnerability has not been exploited in the wild.
Solution
ESET prepared fixed builds of its consumer, business and server security products for the Windows operating system and recommends upgrading to these or scheduling the upgrades in the near future. The fixed builds are available in the Download section or via the ESET Repository.
- ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate 17.0.10.0 and later
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 11.0.2032.0, 10.1.2063.0, 10.0.2052.0, 9.1.2071.0, 8.1.2062.0 and later from the respective version family
- ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server) 10.0.12015.0, 9.0.12019.0, 8.0.12016.0, 7.3.12013.0 and later from the respective version family
- ESET Mail Security for Microsoft Exchange Server 10.1.10014.0, 10.0.10018.0, 9.0.10012.0, 8.0.10024.0, 7.3.10018.0 and later from the respective version family
- ESET Mail Security for IBM Domino 10.0.14007.0, 9.0.14008.0, 8.0.14014.0, 7.3.14006.0 and later from the respective version family
- ESET Security for Microsoft SharePoint Server 10.0.15005.0, 9.0.15006.0, 8.0.15012.0, 7.3.15006.0 and later from the respective version family
- ESET File Security for Microsoft Azure customers should migrate to the latest version of ESET Server Security for Microsoft Windows Server
Affected programs and versions
- ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate 16.2.15.0 and earlier
- ESET Endpoint Antivirus for Windows and ESET Endpoint Security for Windows 10.1.2058.0, 10.0.2049.0, 9.1.2066.0, 8.1.2052.0 and earlier from the respective version family
- ESET Server Security for Windows Server (formerly File Security for Microsoft Windows Server) 10.0.12014.0, 9.0.12018.0, 8.0.12015.0, 7.3.12011.0 and earlier from the respective version family
- ESET Mail Security for Microsoft Exchange Server 10.1.10012.0, 10.0.10017.0, 9.0.10011.0, 8.0.10022.0, 7.3.10014.0 and earlier from the respective version family
- ESET Mail Security for IBM Domino 10.0.14006.0, 9.0.14007.0, 8.0.14010.0, 7.3.14004.0 and earlier from the respective version family
- ESET Security for Microsoft SharePoint Server 10.0.15004.0, 9.0.15005.0, 8.0.15011.0, 7.3.15004.0 and earlier from the respective version family
- ESET File Security for Microsoft Azure (all versions)
Feedback & Support
If you have feedback or questions about this issue, contact us via the ESET Security Forum or local ESET Technical Support.
Acknowledgment
ESET values the principles of coordinated disclosure within the security industry and would like to express our thanks to Nicholas Zubrisky and Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative.
Version log
Version 1.1 (March 27, 2024): Added information about a fix in Cleaner module update
Version 1.0 (February 14, 2024): Initial version of this document
