CVE-2017-0143

Confirmed PUBLISHED

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...

Microsoft Corporation · Windows SMB
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High EPSS 93.3%

At a Glance

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

ransomware cisa microsoft malware metasploit windows
CVE Published
Mar 17, 2017
Exploitation Reported
Nov 03, 2021
CVSS
8.8 High
EPSS
93.3%
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Microsoft Corporation
Windows SMB

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

Affected

CVE References

  • 41891 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41891/
  • 41987 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41987/
  • 43970 exploit-db.com · Exploit https://www.exploit-db.com/exploits/43970/
  • 96703 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/96703
  • 1037991 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1037991
Show 6 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.