February 23, 2023 at 10:04AM

CVE-2023-21752; allows a basic user to execute arbitrary code on a host to delete files from [a] specified storage path, from Windows Backup and Restore service.

The vulnerability is triggered using the Race Condition between temporary file creation and deletion, which takes place following the authentication process.

https://cloudsek.com/threatintelligence/cve-2023-21752-privilege-escalation-vulnerability-on-windows-backup-service

https://www.infosecurity-magazine.com/news/hackers-exploit-flaw-windows/

https://t.me/cKure/12129