Information Disclosure in Microsoft XML Core Services across Multiple Windows Versions
CVE-2017-0022

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 17 March 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 48%🦅 CISA Reported

What is CVE-2017-0022?

Microsoft XML Core Services (MSXML) in various Windows operating systems contains a vulnerability that allows attackers to access sensitive information on disk through crafted web content. This improper handling of memory can lead to leakage of files, presenting a risk to users and systems. It is crucial for users of affected Windows versions to apply the necessary security updates to mitigate potential exposure.

CISA has reported CVE-2017-0022

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2017-0022 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

XML Core Services XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-0022 - Proof of Concept