CVE-2017-0101
Published: 17 March 2017
Summary
CVE-2017-0101 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Windows 7. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 1.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability is an elevation of privilege flaw, tracked as CVE-2017-0101, residing in the kernel-mode drivers of the Transaction Manager component. It affects Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. The issue is classified under CWE-119 and carries a CVSS 3.1 score of 7.8.
Local attackers can exploit the flaw by running a specially crafted application on an affected system, enabling them to gain elevated privileges without requiring prior authentication or user interaction beyond executing the application.
The Microsoft Security Response Center advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101 supplies official guidance and patches. Public exploit code is available via Exploit-DB entry 44479, indicating that proof-of-concept material has been released.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0468
Vulnerability details
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
- CWE(s)
- KEV Date Added: 15 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patch that eliminates the Transaction Manager kernel flaw before local exploitation can succeed.
Enforces execution of the crafted application under the lowest possible privileges, limiting the scope of any resulting elevation.
Activates memory-protection mechanisms that can block the buffer-overrun technique (CWE-119) used to corrupt kernel structures.