Microsoft Security Response Center Blog Alerts

CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Published December 10, 2025

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

Published December 10, 2025

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Published December 10, 2025

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Published December 10, 2025

Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.

Published December 10, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Published December 10, 2025

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Published December 9, 2025

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Published December 9, 2025

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Published December 9, 2025

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

Published December 9, 2025

Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally.