PT-2020-4024 · Microsoft · Onedrive For Windows

Afang5472 +3 · Published 2020-09-08 · Updated 2023-12-31 · CVE-2020-16852

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OneDrive for Windows (affected versions not specified)
Description: The issue is related to the improper handling of symbolic links by the OneDrive for Windows Desktop application. This could allow an attacker to overwrite a targeted file with an elevated status by running a specially crafted application. The attacker would first need to log on to the system to exploit this issue.
Recommendations: To resolve the issue, apply the update that corrects where the OneDrive updater performs file writes while running with elevation. At the moment, there is no information about specific versions that contain a fix for this vulnerability, so be sure to apply the latest available update.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2020-04424
CVE-2020-16852

Affected Products

Onedrive For Windows