An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symb
Posted: Tue Oct 15, 2024 5:28 am
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.
The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.
https://msrc.microsoft.com/update-guide ... 2020-16851
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.
The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.
https://msrc.microsoft.com/update-guide ... 2020-16851