CVE-2017-0144:A remote code execution vulnerability exists in the SMBv1 server of multiple Microsoft Windows versions, allowing attackers to execute arbitrary code via crafted packets.

splash
Back

Description Preview

The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, as well as Windows Server 2016, is vulnerable to a remote code execution vulnerability. This vulnerability allows remote attackers to execute arbitrary code on the affected systems by sending specially crafted packets. This vulnerability is distinct from others documented in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Overview

  • CVE ID: CVE-2017-0144
  • Vendor: Microsoft Corporation
  • Affected Products:
    • Windows Vista SP2
    • Windows Server 2008 SP2 and R2 SP1
    • Windows 7 SP1
    • Windows 8.1
    • Windows Server 2012 Gold and R2
    • Windows RT 8.1
    • Windows 10 Gold, 1511, and 1607
    • Windows Server 2016
  • Impact: Remote Code Execution
  • Severity: High (CVSS v3.1 base score: 8.8)
  • Attack Vector: Network
  • User Interaction: None required
  • Privileges Required: Low

Remediation

To mitigate the risk associated with this vulnerability, Microsoft recommends the following actions:

  1. Disable SMBv1: Users should disable SMBv1 on affected systems. This can be done through Windows features or PowerShell commands.
  2. Apply Security Updates: Ensure that all relevant security updates from Microsoft are applied to the affected systems. Regularly check for updates and install them promptly.
  3. Network Segmentation: Limit access to SMB services from untrusted networks and implement network segmentation to reduce exposure.
  4. Monitor for Exploitation: Use intrusion detection systems to monitor for signs of exploitation attempts against this vulnerability.

References

  1. Microsoft Security Advisory for CVE-2017-0144
  2. Exploit-DB Entry 42031
  3. Exploit-DB Entry 42030
  4. Exploit-DB Entry 41891
  5. SecurityTracker Entry 1037991
  6. CISA Known Exploited Vulnerabilities Catalog
  7. ICS-CERT Advisory ICSMA-18-058-02
  8. Packet Storm Security - DOUBLEPULSAR Payload Execution
  9. Packet Storm Security - SMB DOUBLEPULSAR Remote Code Execution

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.

Armis Alert Date
Mar 17, 2017
CISA KEV Date
Feb 10, 2022
1791days early

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
    Manufacturing
  2. Health Care & Social Assistance: Medium
    Health Care & Social Assistance
  3. Public Administration: Medium
    Public Administration
  4. Transportation & Warehousing: Low
    Transportation & Warehousing
  5. Retail Trade: Low
    Retail Trade
  6. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  7. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  8. Educational Services: Low
    Educational Services
  9. Finance and Insurance: Low
    Finance and Insurance
  10. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  11. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  12. Utilities: Low
    Utilities
  13. Accommodation & Food Services: Low
    Accommodation & Food Services
  14. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  15. Information: Low
    Information
  16. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  17. Construction: Low
    Construction
  18. Mining: Low
    Mining
  19. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background