CVE-2021-26887

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified)

Description: The issue is related to the implementation of the Folder Redirection technology in Microsoft Windows, which is associated with insecure privilege management. An attacker who successfully exploits this issue could gain elevated privileges, allowing them to redirect another user's personal data to a created folder. This can be achieved by creating a new folder under the Folder Redirection root path and creating a junction on a newly created User folder. When a new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.

Recommendations: To address this issue, reconfigure Folder Redirection with Offline files and restrict permissions. This can be done by following the configuration guidance provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.