← Back

CVE-2024-49093

nvd nist
Published: Dec 12, 2024Modified: Jan 8, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 / Impact: 6.0
Source: secure@microsoft.com (Secondary)

Description

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Affected (2)

Microsoft
2 products
Windows 11 24h2
Windows Server 2025
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Windows 11 24h2
Before 10.0.26100.2605
Windows Server 2025
Before 10.0.26100.2605

Related CWEs

CWE-681
Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (1)

Source: secure@microsoft.com
Vendor Advisory

Timeline

No history available yet.