Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Resilient File System (ReFS)

CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Microsoft Security Response Center
#vulnerability#windows#Windows Resilient File System (ReFS)#Security Vulnerability
CVE-2024-43500: Windows Resilient File System (ReFS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2023-36701: Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-32008: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

CVE-2023-32008: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

CVE-2023-23418: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-23419: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-38003: Windows Resilient File System Elevation of Privilege

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2022-21928: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

**According to the score, the attack vector is Physical. How would an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker with physical access to a vulnerable system could insert a specially crafted USB device. **Are there additional attack vectors?** This vulnerability can also be exploited through a Local attack vector. An attacker authenticated as an administrator on a vulnerable system could mount a specially crafted virtual hard drive (VHD) to exploit the system. This scenario results in a lower CVSS score which is why the primary attack vector is listed as Physical in our documentation.