Yesterday, which coincided with the classic Tuesday Patch, a security patch of Azure File Sync agent versions 16 and 17 was released, which resolves the CVE-2024-21397 – classified 5.3 – where an unauthorized users they could create new files even if they don’t have permission to do so.
The update is only available from Windows Update or from the Microsoft Catalog and a server restart is required.
Get Started
Azure File Sync Agent 17.1 – Azure File Sync Agent v17.1 Release – February 2024 (Security-only update) – Microsoft Support
Azure File Sync Agent 16.2 – Azure File Sync Agent v16.2 Release – February 2024 (Security-only update) – Microsoft Support