Denial of Service Vulnerability in Windows Search from Microsoft
CVE-2017-11788

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Windows Search
Vendor
CVE Published:
15 November 2017

Summary

The Windows Search feature of Microsoft operating systems allows unauthenticated attackers to remotely execute specially crafted messages that can lead to a denial of service. This arises from inadequate handling of objects in memory, potentially rendering the affected systems unresponsive. Various versions of Windows, including Windows 7 SP1 through Windows 10, as well as several Windows Server editions, are impacted by this flaw, which necessitates urgent attention to patching and remediation.

Affected Version(s)

Windows search Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709.

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039792
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101711
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.