This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Windows User Account Profile Picture Elevation of Privilege Vulnerability
KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)
KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)
KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)
KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)
Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
Patch Tuesday - August 2021