
[Vulnerability notice] CVE-2017-8543: Microsoft Windows Search remote code execution vulnerability

Last Updated: Mar 19, 2018

Microsoft announced the vulnerability CVE-2017-8543 on Patch Tuesday, June 13, 2017. A remote code execution vulnerability exists in the way Windows Search handles objects in memory. A successful exploit allows the attacker to take control of the affected system.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-8543

Vulnerability name

Microsoft Windows Search remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

Windows Search is a basic Windows service that is enabled by default. An attacker can exploit this vulnerability by sending a specially crafted Server Message Block (SMB) message to the Windows Search service to elevate privileges and take control of the targeted computer.

Condition and method of exploitation

Remote exploitation.

Affected scope

Desktop operating systems and software:

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1

Server operating systems:

  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2003

Vulnerability detection

None

How to fix or mitigate

Do not run programs with administrator privileges; always run applications with minimal permissions. We recommend that you create a standard user account for each application and grant permissions to this account.

Install the Microsoft patches as soon as possible. Alibaba Cloud users can download and install the patches by means of Windows Update or manually. The download URL is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543.
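
The following host check is an added example, not part of the original notice or of Microsoft's guidance. It reports whether the Windows Search service (service name WSearch) is present and able to start, and whether a given update is installed. The function name Test-WSearchExposure is hypothetical, and the KB value is a placeholder that must be replaced with the update number listed for the host's OS version in the Microsoft advisory linked above.

```powershell
# Added example. Uses Get-WmiObject so it also runs on Windows PowerShell 2.0
# (Windows 7 / Server 2008 R2), which are in the affected scope.
function Test-WSearchExposure {
    param(
        # Placeholder, not a real update number: replace with the KB number(s)
        # the Microsoft advisory lists for this host's OS version.
        [string[]]$PatchKb = @('KB0000000')
    )

    # WSearch is the service name of Windows Search. On server editions the
    # service may not be installed at all, so a missing service is handled.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WSearch'" -ErrorAction SilentlyContinue

    # Get-HotFix raises an error for an ID that is not installed;
    # suppress it and test the result for $null instead.
    $hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue

    $installed = $null -ne $svc
    $patched   = $null -ne $hotfix

    New-Object PSObject -Property @{
        ComputerName     = $env:COMPUTERNAME
        ServiceInstalled = $installed
        ServiceState     = if ($installed) { $svc.State } else { 'NotInstalled' }
        StartMode        = if ($installed) { $svc.StartMode } else { $null }
        PatchFound       = $patched
        # Flag hosts where the service is able to start and the listed
        # update was not found, so they can be checked and patched first.
        NeedsReview      = $installed -and ($svc.StartMode -ne 'Disabled') -and (-not $patched)
    }
}

Test-WSearchExposure | Format-List
```

A NeedsReview value of True means the host should be checked, not that it is confirmed vulnerable: Get-HotFix matches only the exact update ID, so a host that received a later update replacing the one searched for will still report PatchFound as False.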

Reference

[1]. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543
[2]. http://www.securityfocus.com/bid/98824
