ESET antivirus bug let attackers gain Windows SYSTEM privileges

From bleepingcomputer.com

ESET antivirus bug let attackers gain Windows SYSTEM privileges

Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above.

The flaw (CVE-2021-37852) was reported by Michael DePlante of Trend Micro’s Zero Day Initiative, and it enables attackers to escalate privileges to NT AUTHORITY\SYSTEM account rights (the highest level of privileges on a Windows system) using the Windows Antimalware Scan Interface (AMSI).

Read more…