CVE-2017-8464
Published: 15 June 2017
Summary
CVE-2017-8464 is a high-severity an unspecified weakness vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
The vulnerability CVE-2017-8464 resides in the Windows Shell component of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607/1703, and Windows Server 2016. It is triggered when a crafted .LNK shortcut file is parsed for icon display inside Windows Explorer or any other application that processes shortcut icons, resulting in arbitrary code execution.
An attacker can exploit the flaw either locally or remotely by supplying a malicious .LNK file that is rendered by the victim; successful exploitation grants code execution at the privileges of the user viewing the file. The issue carries a CVSS 3.1 base score of 8.8 with network attack vector, low complexity, and no required privileges or user interaction beyond rendering the icon.
Microsoft published an advisory for CVE-2017-8464 on its security guidance portal, and public proof-of-concept code has been posted to Exploit Database.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-17414
Vulnerability details
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users…
more
or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
- CWE(s)
- KEV Date Added
- 10 February 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patch that eliminates the LNK icon-parsing flaw before exploitation can occur.
Requires malicious-code protection mechanisms that scan or sandbox .LNK files before Windows Explorer renders their icons.
Requires integrity verification of files and executables, enabling detection of unauthorized or crafted .LNK shortcut content.