New builds of the affected products have been created that are not vulnerable to this vulnerability. The list of affected products can be found in the ESET alert. An attacker can exploit this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.ĮSET analyzed and then verified this report. The problem results from the fact that an untrusted process can impersonate the client of a pipe.
The specific vulnerability is the use of named pipes. Then, this vulnerability can allow local attackers to escalte their privileges. ZDI writes here that an attacker must first gain the ability to execute low-privileged code on the target system to exploit this vulnerability. The SeImpersonatePrivilege is available by default to the device's local administrators group and local service accounts, which are already highly privileged, limiting the impact of this vulnerability. The vulnerability allows an attacker to abuse the AMSI scanning function in certain cases.Īccording to the Zero Day Initiative (ZDI) report, an attacker who succeeds in gaining SeImpersonatePrivilege on Windows can abuse the AMSI scanning function to gain NT AUTHORITY\SYSTEM privileges in some cases. CVE-2021-37852: Local privilege escalation vulnerabilityĮSET was notified of a potential local privilege escalation vulnerability by the Zero Day Initiative (ZDI) on November 18, 2021. In the security advisory Local privilege escalation vulnerability fixed in ESET products for Windows dated January 31, 2022, the vendor ESET clarifies the details. However, ESET now provides security updates to close the vulnerability.
This allows a local attacker to gain SYSTEM privileges from a default account. Certain antivirus products have a Local Privilege Escalation (LPE) vulnerability CVE-2021-37852 in older versions.
Slovakian antivirus vendor ESET has issued a warning for users of its Windows products.
0 kommentar(er)
