SecurityWeek
ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products.
Cybersecurity firm ESET on Wednesday announced patches for a high-severity vulnerability in its consumer, business, and server security products for Windows, which could lead to elevation of privilege.
The flaw, tracked as CVE-2024-0353 (CVSS score of 7.8), was identified in the real-time file system protection feature of its products, which handles file operations.
According to the company’s advisory, an attacker with low privileges could exploit this vulnerability to delete arbitrary files with System privileges.
“The vulnerability potentially allowed an attacker to misuse ESET’s file operations, as performed by the real-time file system protection, to delete files without having proper permission,” the company says.
ESET says the security defect was reported by researchers with Trend Micro’s ZDI and that it has no evidence of in-the-wild exploitation.
