all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Micropatching Arbitrary File Delete Vulnerability in Windows Backup Service (CVE-2023-21752)

Add to bookmarks
Jan. 31, 2023, 4:45 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

 

January 2023 Windows Updates brought a fix for a local privilege escalation vulnerability in Windows Backup Service, discovered and reported by Filip Dragovic. The vulnerability allows a non-admin user on the machine to execute arbitrary code as Local System and thereby take over the computer.

 

The Backup Service

The intended use of the Backup Service is through local user interface of the legacy "Backup and Restore (Windows 7)" component, still existing on all Windows 10 and Windows …

backup backup and restore backup service code computer cve delete escalation file fix january legacy local local privilege escalation machine non privilege privilege escalation restore service system updates user interface vulnerability windows windows 7 windows updates

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Triaging Files on VirusTotal 5 hours ago | malware.news
malware analysis topic
Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379 17 hours ago | malware.news
article frontier kubernetes lastpass +4
5.3M World-Check records may be leaked; how to check your records 17 hours ago | malware.news
access article check claim +11
More on the PAN-OS CVE-2024-3400 17 hours ago | malware.news
alto april customer cve +29
LabHost Phishing Platform is Latest Target of International Law Agencies 18 hours ago | malware.news
as-a-service countries cybercriminal disrupt +19
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain 18 hours ago | malware.news
active adversary adversary article attacks +8
The CVE's They are A-Changing!, (Wed, Apr 17th) 19 hours ago | malware.news
changing cve downloads feed +7
Akira takes in $42 million in ransom payments, now targets Linux servers 19 hours ago | malware.news
akira article critical functions +12
How to Determine Causal Effects when A/B Tests are Infeasible through Adopter Analysis 21 hours ago | malware.news
analysis article blog global +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Staff DFIR Investigator

@ SentinelOne | United States - Remote
View on infosec-jobs.com

Senior Consultant.e (H/F) - Product & Industrial Cybersecurity

@ Wavestone | Puteaux, France
View on infosec-jobs.com

Information Security Analyst

@ StarCompliance | York, United Kingdom, Hybrid
View on infosec-jobs.com

Senior Cyber Security Analyst (IAM)

@ New York Power Authority | White Plains, US
View on infosec-jobs.com
View more jobs