CVE-2020-16851

Name of the Vulnerable Software and Affected Versions: OneDrive for Windows Desktop (affected versions not specified)

Description: The issue arises from the improper handling of symbolic links by the OneDrive for Windows Desktop application, leading to a potential elevation of privilege. An attacker, after logging on to the system, could exploit this by running a specially crafted application to overwrite or delete targeted files with elevated status. The estimated number of potentially affected devices worldwide is not provided, and there is no information about real-world incidents where this issue was exploited.

Recommendations: To resolve the issue, apply the update that corrects where the OneDrive updater performs file writes while running with elevation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.