CVE-2017-0213
Published: 12 May 2017
Summary
CVE-2017-0213 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.3 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2017-0213 resides in the Windows COM Aggregate Marshaler component and affects Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607/1703, and Windows Server 2016. It is classified as an elevation-of-privilege flaw distinct from CVE-2017-0214, with a CVSS 3.1 base score of 7.3 under the vector AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
An attacker who can execute a specially crafted application on a vulnerable system is able to leverage the flaw to elevate privileges, potentially achieving full control over confidentiality, integrity, and availability on the host. The attack requires local access and some user interaction but does not demand high privileges or complex conditions.
Microsoft's security advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213 supplies patch information and mitigation guidance for supported platforms. Public exploit code demonstrating the issue has been published on Exploit-DB.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0579
Vulnerability details
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
- CWE(s)
- KEV Date Added: 28 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patch that eliminates the COM Aggregate Marshaler flaw exploited by CVE-2017-0213.
Enforces least-privilege execution so that even a successful COM marshaling bypass cannot grant full administrative rights on the host.
Enforces the underlying Windows access-control decisions that the elevation-of-privilege attack attempts to subvert.