Cyber Resilience

CVE-2017-0101

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 17 March 2017

Modified: 22 April 2026
KEV Added: 15 March 2022
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.7226 (98.8th percentile)
Risk Priority: 79 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-0101 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Windows 7. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability is an elevation of privilege flaw, tracked as CVE-2017-0101, residing in the kernel-mode drivers of the Transaction Manager component. It affects Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. The issue is classified under CWE-119 and carries a CVSS 3.1 score of 7.8.

Local attackers can exploit the flaw by running a specially crafted application on an affected system, enabling them to gain elevated privileges without requiring prior authentication or user interaction beyond executing the application.

The Microsoft Security Response Center advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0101 supplies official guidance and patches. Public exploit code is available via Exploit-DB entry 44479, indicating that proof-of-concept material has been released.

Vulnerability details

The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

CWE(s): CWE-119
KEV Date Added: 15 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 7 · all versions
microsoft · windows server 2008 · all versions
microsoft · windows vista · all versions

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely installation of the vendor patch that eliminates the Transaction Manager kernel flaw before local exploitation can succeed.

Prevent: Enforces execution of the crafted application under the lowest possible privileges, limiting the scope of any resulting elevation.

Prevent: Activates memory-protection mechanisms that can block the buffer-overrun technique (CWE-119) used to corrupt kernel structures.
