Remote Code Execution Vulnerability in Microsoft Windows Search Services
CVE-2017-8620

8.1HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Windows Search Component
Vendor
CVE Published:
8 August 2017

Summary

Windows Search in various Microsoft operating systems and servers has a vulnerability that allows remote code execution. This occurs due to improper handling of objects in memory, enabling attackers to exploit this weakness and execute arbitrary code. Users should be aware of this vulnerability's existence and apply any available patches or mitigations to secure their systems against potential exploits.

Affected Version(s)

Microsoft Windows Search Component Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

References

https://threatpost.com/windows-search-bug-worth-watching-...
x_refsource_MISC
http://www.securityfocus.com/bid/100034
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.