CVE-2026-23673 is an out-of-bounds read vulnerability classified under CWE-125, discovered in the Windows Resilient File System (ReFS) implementation on Windows 10 Version 1607 (build 10.0.14393.0). The vulnerability arises when the ReFS driver improperly handles memory boundaries during file system operations, allowing an attacker with local authenticated access to read memory outside the allocated buffer. This can lead to information disclosure and potentially enable privilege escalation by corrupting memory or bypassing security checks. The attack vector requires local access with limited privileges (PR:L), no user interaction (UI:N), and has low attack complexity (AC:L). The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H), making it a critical concern for affected systems. Although no public exploits have been reported, the vulnerability's nature suggests that attackers could leverage it to gain SYSTEM-level privileges, compromising the entire system. The vulnerability is specific to an older Windows 10 build, which limits its prevalence but still affects organizations that have not upgraded or patched legacy systems. Microsoft has not yet released a patch, so mitigation currently relies on limiting local access and monitoring for suspicious activity.

The impact of CVE-2026-23673 is significant for organizations still running Windows 10 Version 1607, particularly those using the ReFS file system. Successful exploitation allows an attacker with local access to escalate privileges to SYSTEM level, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of critical services, and the ability to deploy further malware or ransomware. The vulnerability affects confidentiality by exposing memory contents, integrity by allowing privilege escalation, and availability by potentially causing system instability or crashes. Organizations with legacy systems in critical infrastructure, government, healthcare, and financial sectors face heightened risks. The lack of a patch increases the window of exposure, and the ease of exploitation with low complexity makes it attractive for attackers. Although exploitation requires local access, insider threats or attackers who gain initial footholds through other means could leverage this vulnerability to deepen their control.

To mitigate CVE-2026-23673, organizations should prioritize upgrading from Windows 10 Version 1607 to a supported and patched version of Windows. Until a patch is released, restrict local access to trusted users only and enforce strict access controls on systems running ReFS. Implement robust endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation attempts or memory access patterns. Employ application whitelisting and least privilege principles to limit the ability of attackers to execute arbitrary code locally. Regularly audit and review user accounts and permissions to minimize the risk of unauthorized local access. Network segmentation can help contain potential compromises. Additionally, maintain up-to-date backups and incident response plans to recover quickly if exploitation occurs. Once Microsoft releases a security update, apply it promptly to eliminate the vulnerability.