Remote Code Execution Vulnerability in Microsoft Windows SMBv1 Server
CVE-2017-0146

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Smb
Vendor: CVE Published:; 17 March 2017

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 93%🦅 CISA Reported

What is CVE-2017-0146?

The SMBv1 server in several versions of Microsoft Windows contains a vulnerability that permits remote attackers to execute arbitrary code. This occurs when the server processes specially crafted packets. Successful exploitation could allow an attacker to gain control of the affected system, leading to potential data breaches or further network compromise. Protecting systems through timely updates and disabling the SMBv1 protocol can help mitigate the risks associated with this vulnerability.

CISA has reported CVE-2017-0146

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2017-0146 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Windows SMB The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607