CVE-2017-8543
Published: 15 June 2017
Summary
CVE-2017-8543 is a critical-severity Improper Preservation of Permissions (CWE-281) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2017-8543 is a remote code execution flaw in the Windows Search component caused by improper handling of objects in memory. It affects a wide range of Microsoft Windows operating systems, specifically Windows XP SP3, Windows XP x64 Edition SP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 (Gold, 1511, 1607, 1703), and Windows Server 2016. The issue is tracked under CWE-281 and carries a CVSS 3.1 base score of 9.8.
An unauthenticated attacker can exploit the flaw remotely over the network with no user interaction required, resulting in the ability to execute arbitrary code and take full control of the affected system.
The Microsoft Security Response Center advisory referenced at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543 supplies official security guidance and patch information for the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-17493
Vulnerability details
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold,…
more
1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
- CWE(s)
- KEV Date Added
- 24 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patch that eliminates the Windows Search memory-handling flaw.
Allows disabling or removing the Windows Search service/component so the vulnerable code is never executed.
Boundary-protection rules can block unauthenticated network traffic to the Search service before the RCE can be reached.