CVE-2017-8464

Confirmed PUBLISHED

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT...

Microsoft Corporation · Windows Shell
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High

At a Glance

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."

windows microsoft cisa metasploit
CVE Published
Jun 15, 2017
Exploitation Reported
Feb 10, 2022
CVSS
8.8 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
Microsoft Corporation
Windows Shell

Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

Affected

CVE References

  • 42382 exploit-db.com · Exploit https://www.exploit-db.com/exploits/42382/
  • 42429 exploit-db.com · Exploit https://www.exploit-db.com/exploits/42429/
  • 1038671 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1038671
  • 98818 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/98818
  • portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464 portal.msrc.microsoft.com · CVE Record https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CV...

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.