ESET has fixed a dangerous vulnerability in Windows antivirus products
By ForGeeks Antivirus company ESET has released patches that address a dangerous vulnerability in Windows products designed specifically for home users and businesses. When exploited, the breach allows privileges to be increased. As you know, the problem received the identifier CVE-2024-0353, incidentally, it was found in the file system protection function. According to ESET, a conditional attacker with low privileges can use CVE-2024-0353 to delete arbitrary files with System privileges.
“The vulnerability allows an attacker to interfere with operations that ESET antivirus products perform on files using the file system protection feature. Thus, it becomes possible to delete files without proper permissions,” the developers noted. ESET representatives also specified that the gap was pointed out by researchers from the Trend Micro ZDI team. It should be noted that currently there are no signs of CVE-2024-0353 exploitation in real cyberattacks. Endpoint and email security products are also affected by the vulnerability. Patches are available for NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus and Endpoint Security for Windows, Server Security for Windows Server, Mail Security for Exchange Server and IBM Domino and ESET Security for SharePoint Server. According to the patch developers, users should not procrastinate on installing the patch.
