CVE-2017-8543

critical-risk

Published 2017-06-15

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

Do I need to act?

83.8% chance of exploitation in next 30 days

EPSS score — higher than 16% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (17)

Windows 10 1507

Windows 10 1607

Windows 10 1703

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2012

Windows Server 2016

Windows 10 1507

Windows 10 1511

Windows 10 1607

Windows 10 1703

Affected Vendors

Microsoft

References (7)

Broken Link http://www.securityfocus.com/bid/98824

Broken Link http://www.securitytracker.com/id/1038667

Mitigation https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

Broken Link http://www.securityfocus.com/bid/98824

Broken Link http://www.securitytracker.com/id/1038667

Mitigation https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-...

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 19/34 · Moderate