Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Resilient File System (ReFS)

CVE-2025-27738: Windows Resilient File System (ReFS) Information Disclosure Vulnerability

Improper access control in Windows FileSystemWatcher allows an authorized attacker to disclose information over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Resilient File System (ReFS)#Security Vulnerability
CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

CVE-2024-43500: Windows Resilient File System (ReFS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2023-36701: Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-32008: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

CVE-2023-32008: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

CVE-2023-23418: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-23419: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38003: Windows Resilient File System Elevation of Privilege

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.