PT-2021-12852 · Acronis · Acronis True Image

Published 2021-05-25 · Updated 2021-06-03 · CVE-2020-9451

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Acronis True Image 2020 version 24.5.22510
Description: An issue was discovered where anti_ransomware_service.exe keeps a log in a folder in which unprivileged users have write permissions. The log files follow a predictable naming pattern, allowing an unprivileged user to create a hardlink from a log file to anti_ransomware_service.exe. On reboot, this forces the service to try to write its log into its own process, resulting in a SHARING VIOLATION crash, which occurs on every reboot.
Recommendations: For Acronis True Image 2020 version 24.5.22510, consider restricting write permissions on the log folder so that unprivileged users cannot create hardlinks to anti_ransomware_service.exe until a patch is available. As a temporary workaround, disabling the anti_ransomware_service.exe service until a fix is provided could mitigate the risk of the SHARING VIOLATION crash. At the moment, there is no information about a newer version that contains a fix for this issue.
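
One way to check whether the first recommendation is needed on a given host is to audit the log folder's ACL for write-capable entries held by unprivileged principals. The script below is an added example, not code from this advisory or from Acronis; the folder path is a placeholder parameter because the advisory does not name it, and the list of principals treated as unprivileged is an assumption.

```powershell
param(
    # Placeholder: the advisory does not name the log folder, so pass the path in.
    [Parameter(Mandatory = $true)][string]$LogFolder
)

# Well-known SIDs treated as unprivileged (this list is an assumption of the example).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal add entries to the folder (a hard link is a new
# directory entry) or loosen the ACL, plus the raw GENERIC_WRITE / GENERIC_ALL bits.
$risky       = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$riskMask    = [int]$risky -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Resolve ACEs to SIDs so the check does not depend on localized account names.
$acl   = Get-Acl -LiteralPath $LogFolder
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    $sid = $ace.IdentityReference.Value
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (-not $lowPriv.ContainsKey($sid))    { continue }
    if (([int]$ace.FileSystemRights -band $riskMask) -eq 0) { continue }
    [pscustomobject]@{
        Principal   = $lowPriv[$sid]
        Rights      = $ace.FileSystemRights
        Inherited   = $ace.IsInherited
        # Inherit-only ACEs apply to files created in the folder, not the folder itself.
        InheritOnly = $ace.PropagationFlags.HasFlag($inheritOnly)
    }
}

if ($findings) {
    Write-Warning "Unprivileged principals can write to '$LogFolder':"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "No write-capable ACE for the listed principals on '$LogFolder'."
```

A non-zero exit code means at least one listed principal holds a write-capable ACE; rows marked `Inherited` have to be corrected on the parent folder or by disabling inheritance on the log folder.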

Exploit

Fix

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2020-9451

Affected Products: Acronis True Image