Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-21960: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device.

Are there additional attack vectors?

This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.

Microsoft Security Response Center
#vulnerability#windows#Windows Resilient File System (ReFS)#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability