You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
refs vulnerability
About this tag
The refs vulnerability tag covers discussions about security flaws in Microsoft's Resilient File System (ReFS), including CVE-2025-62456, a high-severity heap-based buffer overflow that could enable remote code execution. Content under this tag focuses on urgent patch guidance, technical analysis of the vulnerability, and mitigation steps for Windows systems using ReFS. Topics include the nature of the exploit, affected configurations, and recommended actions for administrators to secure their environments. The tag is relevant for IT professionals and security researchers monitoring ReFS-related threats and Microsoft's security advisories.
Microsoft has patched CVE-2026-50501, a high-severity Windows Resilient File System vulnerability that can allow an unauthenticated attacker to execute code after a user interacts with attacker-controlled content. The flaw affects Windows 11 versions 24H2, 25H2, and 26H1, as well as Windows...
Microsoft’s July 14, 2026 security updates fix CVE-2026-50492, a heap-based buffer overflow in the Windows Resilient File System that can let an unauthenticated attacker execute code after gaining physical access to a vulnerable machine. Despite Microsoft naming it a “Remote Code Execution...
Microsoft has patched CVE-2026-50362, a heap-based buffer overflow in the Windows Resilient File System that can let an unauthorized attacker execute code after a user interacts with malicious content. The flaw carries a CVSS 3.1 score of 7.8 and affects supported Windows client and server...
CVE-2026-50441, a newly patched elevation-of-privilege vulnerability in the Windows Resilient File System, can allow a locally authenticated attacker to gain higher permissions through an untrusted pointer dereference. Microsoft addressed the flaw in its July 14, 2026 security updates across...
CVE-2026-50357, a Windows Resilient File System elevation-of-privilege vulnerability fixed in Microsoft’s July 14, 2026 security updates, allows a locally authenticated attacker to execute code with substantially greater control over an affected machine. Microsoft rates the flaw Important, while...
CVE-2026-50318 exposes Windows Resilient File System code to a local privilege-escalation attack, allowing a low-privileged attacker to potentially gain extensive control over an affected Windows machine. Microsoft fixed the flaw in its July 14, 2026 security updates, making prompt deployment...
CVE-2026-49793, a heap-based buffer overflow in the Windows Resilient File System, has been fixed across supported Windows 10, Windows 11, and Windows Server releases in Microsoft’s July 14, 2026 security updates. Despite Microsoft’s “Remote Code Execution” vulnerability title, the published...
CVE-2026-49792, an Important-rated flaw in the Windows Resilient File System, can let an authenticated local attacker execute code on affected Windows 10, Windows 11, and Windows Server systems. Microsoft addressed the vulnerability in its July 14, 2026 security updates, and administrators...
Microsoft’s security trackers list a newly published ReFS vulnerability — CVE-2025-62456 — as a high‑severity, heap‑based buffer‑overflow that can lead to remote code execution when the Resilient File System (ReFS) processes specially crafted inputs, and operators should treat the advisory as...