CVE-2023-21752

Name of the Vulnerable Software and Affected Versions Windows Backup Service versions prior to the fixed version

Description The issue is related to errors in privilege management within the Windows Backup Service, allowing an attacker to elevate their privileges to the level of SYSTEM. This can potentially impact the system, enabling malicious activities. There have been public proofs of concept (PoCs) released, demonstrating the ability to delete any file and launch a shell with elevated privileges.

Recommendations For Windows Backup Service versions prior to the fixed version, consider disabling the vulnerable service until a patch is available to prevent potential exploitation. Restrict access to the Windows Backup Service to minimize the risk of elevation of privilege attacks. Avoid using the service for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.