Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2017-0144
PUBLISHEDThe SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...
- Vendor
- Microsoft Corporation
- Product
- Windows SMB
- Published
- Mar 17, 2017
- EPSS
- —
Description
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:M/Au:N/C:C/I:C/A:C
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
References
- https://www.exploit-db.com/exploits/42031/
- https://www.exploit-db.com/exploits/42030/
- https://www.exploit-db.com/exploits/41891/
- http://www.securitytracker.com/id/1037991
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144
- https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://www.exploit-db.com/exploits/41987/
- http://www.securityfocus.com/bid/96704
- https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf
- http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html
- http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Feb 10, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_doublepulsar_rce.rb | Apr 29, 2025 |
Recent mentions
Tenable Blog · May 27, 2026
Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk.Key takeawaysThe "patch everything" strategy is dead: Vulnerability prioritization based on exploitation risk offers a path forward. A directed graph model linking 600+ threat actors to vulnerabilities in 7,800 customer environments reveals that 68% of organizations carry at least one CVE previously exploited by a named adversary, and 321 tracked threat groups can reach at least one customer environment through an active vulnerability. Prevalence of "Elite Arsenal" CVEs requires immediate attention: The 242 "Elite Arsenal" CVEs — those meeting all three criteria of critical VPR (≥ 9), CISA KEV listing, and documented threat group exploitation — are nearly universally present across the studied customer base, with 241 of 242 actively detected. More than half are five or more years old, and 78% of the persistently exploited core are simultaneously weaponized by nation-state APTs, commodity malware operators, and ransomware gangs. Non-CVE exposures are universally dangerous: Non-CVE exposures, including misconfigurations, weak credentials, and end-of-life software, are present in virtually 100% of studied organizations, with 60% carrying at least one that maps to a tracked threat actor's preferred techniques. Preliminary modeling suggests these exposures may confer more breach risk than CVE-linked findings, yet no industry-standard scoring infrastructure exists to prioritize them.While the first two posts in this blog series documented the accelerating vulnerability flood and the widening remediation gap, today we answer the outstanding question: Where do these forces actually collide inside customer environments? Using a directed graph model that maps more than 600 tracked threat groups to vulnerabilities observed across 7,800 organizations,...
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-04-03 07:39:43 UTC · 0 stars
LAB: TẤN CÔNG HỆ ĐIỀU HÀNH WINDOWS DỰA VÀO LỖ HỔNG GIAO THỨC SMB.
github · Created 2022-12-16 11:10:13 UTC · 0 stars
Chương trình theo dõi, giám sát lưu lượng mạng được viết bằng Python, nó sẽ đưa ra cảnh báo khi phát hiện tấn công CVE-2017-0144
github · Created 2021-03-22 09:33:51 UTC · 14 stars
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Metasploit