CVE-2021-37852: 
NixOS vulnerability analysis and mitigation

CVE-2021-37852 is a local privilege escalation vulnerability affecting ESET products for Windows. The vulnerability was discovered in November 2021 and publicly disclosed on January 31, 2022. The issue affects multiple ESET products including ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Endpoint Security running on Windows 10 and later or Windows Server 2016 and later versions (ESET Advisory).

The vulnerability allows an untrusted process to impersonate the client of a pipe, which can be leveraged by an attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. The issue specifically involves the misuse of the AMSI scanning feature in specific cases. The vulnerability has been assigned a CVSS v3 score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) (ZDI Advisory).

If successfully exploited, an attacker who has SeImpersonatePrivilege can elevate their privileges to NT AUTHORITY\SYSTEM level. The SeImpersonatePrivilege is by default available to the local Administrators group and the device's Local Service accounts, which are already highly privileged (ESET Advisory).

ESET has released fixed versions of their products to address this vulnerability. As an alternative mitigation, users can disable the 'Enable advanced scanning via AMSI' option in ESET products' Advanced setup, though ESET strongly recommends upgrading to a fixed product version. The vulnerability was fixed in various product versions including ESET NOD32 Antivirus 15.0.19.0, ESET Endpoint Security 9.0.2032.6, and other corresponding product versions (ESET Advisory).