Описание
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
An authenticated attacker with access to a shared folder on a system using a Resilient File System (ReFS) volume could exploit this vulnerability by running a specially crafted operation against the folder.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2022 | ||
| Windows Server 2022 (Server Core installation) | ||
| Windows 11 Version 23H2 for ARM64-based Systems | ||
| Windows 11 Version 23H2 for x64-based Systems | ||
| Windows Server 2022, 23H2 Edition (Server Core installation) | ||
| Windows 11 Version 24H2 for ARM64-based Systems | ||
| Windows 11 Version 24H2 for x64-based Systems | ||
| Windows Server 2025 | ||
| Windows Server 2025 (Server Core installation) | ||
| Windows 11 Version 25H2 for ARM64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Связанные уязвимости
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
Уязвимость локальной файловой системы Windows Resilient File System операционных систем Windows, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3