Cyber Resilience

CVE-2017-8543

CriticalCISA KEVActive ExploitationEUVD Exploited

Published: 15 June 2017

Published
15 June 2017
Modified
22 April 2026
KEV Added
24 May 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8514 99.4th percentile
Risk Priority 91 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-8543 is a critical-severity Improper Preservation of Permissions (CWE-281) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2017-8543 is a remote code execution flaw in the Windows Search component caused by improper handling of objects in memory. It affects a wide range of Microsoft Windows operating systems, specifically Windows XP SP3, Windows XP x64 Edition SP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 (Gold, 1511, 1607, 1703), and Windows Server 2016. The issue is tracked under CWE-281 and carries a CVSS 3.1 base score of 9.8.

An unauthenticated attacker can exploit the flaw remotely over the network with no user interaction required, resulting in the ability to execute arbitrary code and take full control of the affected system.

The Microsoft Security Response Center advisory referenced at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543 supplies official security guidance and patch information for the vulnerability.

EU & UK References

Vulnerability details

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold,…

more

1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

CWE(s)
KEV Date Added
24 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
all versions
microsoft
windows 10 1511
all versions
microsoft
windows 10 1607
all versions
microsoft
windows 10 1703
all versions
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt 8.1
all versions
microsoft
windows server 2008
all versions, r2
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of the vendor patch that eliminates the Windows Search memory-handling flaw.

prevent

Allows disabling or removing the Windows Search service/component so the vulnerable code is never executed.

prevent

Boundary-protection rules can block unauthenticated network traffic to the Search service before the RCE can be reached.

References