CVE-2023-21752; allows a basic user to execute arbitrary code on a host to delete files from [a] specified storage path, from Windows Backup and Restore service.
The vulnerability is triggered using the Race Condition between temporary file creation and deletion, which takes place following the authentication process.
https://cloudsek.com/threatintelligence/cve-2023-21752-privilege-escalation-vulnerability-on-windows-backup-service
https://www.infosecurity-magazine.com/news/hackers-exploit-flaw-windows/
https://t.me/cKure/12129