all InfoSec news
Micropatching Arbitrary File Delete Vulnerability in Windows Backup Service (CVE-2023-21752)
Malware Analysis, News and Indicators - Latest topics malware.news
January 2023 Windows Updates brought a fix for a local privilege escalation vulnerability in Windows Backup Service, discovered and reported by Filip Dragovic. The vulnerability allows a non-admin user on the machine to execute arbitrary code as Local System and thereby take over the computer.
The Backup Service
The intended use of the Backup Service is through local user interface of the legacy "Backup and Restore (Windows 7)" component, still existing on all Windows 10 and Windows …
backup backup and restore backup service code computer cve delete escalation file fix january legacy local local privilege escalation machine non privilege privilege escalation restore service system updates user interface vulnerability windows windows 7 windows updates