CVE-2020-16972

Name of the Vulnerable Software and Affected Versions: Windows Backup Service versions (affected versions not specified) Windows Storage Services versions (affected versions not specified)

Description: The issue is related to incorrect handling of file operations by the Windows Backup Service and the virtual COM-port driver (VSPD) of the Windows Storage Services, which can allow an attacker to elevate their privileges. To exploit this, an attacker would first need to gain execution on the victim system and then run a specially crafted application. This could potentially give the attacker unauthorized access to protected information.

Recommendations: For Windows Backup Service, update the service to a version that correctly handles file operations. For Windows Storage Services, consider disabling the VSPD until a patch is available to address the file operation handling errors. As a temporary workaround, restrict access to sensitive areas of the system to minimize the risk of exploitation.