CVE-2017-0145

Confirmed PUBLISHED

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...

Microsoft Corporation · Windows SMB
Exploited in the wild Used in malware

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High

At a Glance

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

metasploit malware microsoft ransomware cisa windows
CVE Published
Mar 17, 2017
Exploitation Reported
Feb 10, 2022
CVSS
8.8 High
EPSS
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Microsoft Corporation
Windows SMB

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

Affected

CVE References

  • 41891 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41891/
  • 41987 exploit-db.com · Exploit https://www.exploit-db.com/exploits/41987/
  • 1037991 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1037991
  • 96705 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/96705
  • portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0145 portal.msrc.microsoft.com · CVE Record https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CV...
Show 5 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.