Описание
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?
An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.
Although the CVSS metric is local (AV:L), are there additional attack vectors?
This vulnerability could also be exploited through a physical attack vector. An attacker with physical access to a vulnerable system could insert a specially crafted USB device into the machine.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 10 for 32-bit Systems | ||
| Windows 10 for x64-based Systems | ||
| Windows Server 2016 | ||
| Windows 10 Version 1607 for 32-bit Systems | ||
| Windows 10 Version 1607 for x64-based Systems | ||
| Windows Server 2016 (Server Core installation) | ||
| Windows 10 Version 1809 for 32-bit Systems | ||
| Windows 10 Version 1809 for x64-based Systems | ||
| Windows 10 Version 1809 for ARM64-based Systems | ||
| Windows Server 2019 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.8 High
CVSS3
Связанные уязвимости
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Уязвимость файловой системы Resilient File System (ReFS) операционных систем Windows, позволяющая нарушителю выполнить произвольный код
EPSS
7.8 High
CVSS3