
[Vulnerability notice] CVE-2017-8620: Remote code execution vulnerability in Windows Search

Last Updated: Mar 12, 2018

On August 8, 2017 (Patch Tuesday), Microsoft released a security bulletin for CVE-2017-8620, a remote code execution vulnerability in Windows Search. An attacker who successfully exploits it can run arbitrary code on the target system. It is rated important.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-8620

Vulnerability name

Windows Search remote code execution vulnerability

Vulnerability rating

Important

Vulnerability description

The Windows Search Service (WSS) is a built-in indexing service that is enabled by default on Windows. The service improperly handles objects in memory; an attacker who sends specially crafted messages to it can exploit this to take control of the target system: install programs, view, change or delete data, or create new accounts with full user rights.

In an enterprise network, a remote unauthenticated attacker can trigger the vulnerability over an SMB connection and then take control of the target computer.

Affected scope

Desktop operating system

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1

Server operating system

  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Condition and method of exploitation

Remote exploitation

How to fix or mitigate

  • Run applications with the least privilege they need: do not run programs as an administrator, and give each application its own dedicated account with only the permissions it requires. Note that this limits what an attacker gains from compromising an application but does not by itself close this vulnerability, which is in the Windows Search service itself. Because the vulnerability can be triggered over SMB without authentication, also make sure SMB (TCP port 445) is not reachable from untrusted networks.

  • Install the Microsoft update as soon as possible. Alibaba Cloud users can install it through Windows Update or download it manually from the Microsoft security guidance page for this CVE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620.
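The following PowerShell script is an added example for checking a host against the two mitigation points above; it is not part of the original notice or of any Microsoft tooling. It assumes it is run in an elevated PowerShell session on the host being checked, and it takes the KB number(s) of the August 2017 update for that host's OS as a parameter (the operator reads them from the MSRC page linked above; none are hard-coded here). It reports the OS build, whether one of the given KBs is installed, the state of the Windows Search service (WSearch), and whether TCP 445 is listening.

```powershell
# Added example (not from the original notice): audit a Windows host for CVE-2017-8620 exposure.
# Assumptions: elevated PowerShell 3.0 or later on the host itself; $RequiredKB is supplied by
# the operator from the MSRC advisory for this OS (e.g. -RequiredKB KB1234567 as a placeholder).
param(
    [Parameter(Mandatory = $true)]
    [string[]]$RequiredKB
)

$report = [ordered]@{}

# 1. OS identity, so the result can be matched against the "Affected scope" list in the notice.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$report['OS'] = "$($os.Caption) build $($os.BuildNumber)"

# 2. Is at least one of the required updates installed? Get-HotFix reads the same
#    Win32_QuickFixEngineering store that "Installed Updates" in Control Panel shows.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$matched   = @($RequiredKB | Where-Object { $installed -contains $_ })
$report['PatchInstalled'] = ($matched.Count -gt 0)
$report['MatchedKB']      = ($matched -join ', ')

# 3. State of the Windows Search service (WSearch), the vulnerable component.
#    Win32_Service is used instead of Get-Service so StartMode is available on older PowerShell.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WSearch'"
$report['WSearchState']     = if ($svc) { $svc.State }     else { 'not present' }
$report['WSearchStartMode'] = if ($svc) { $svc.StartMode } else { 'n/a' }

# 4. Is SMB (TCP 445) listening? This is the unauthenticated remote trigger path the notice
#    describes. Get-NetTCPConnection exists on Windows 8 / Server 2012 and later; on Windows 7 /
#    Server 2008 R2 fall back to parsing "netstat -an" output.
$listen445 = $false
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    $listen445 = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
} else {
    $listen445 = [bool](netstat -an | Select-String -Pattern ':445\s+.*LISTENING')
}
$report['SMB445Listening'] = $listen445

# 5. Verdict: unpatched and the service is running means the host is exposed; a listening
#    SMB port additionally means it is exposed to the remote, unauthenticated variant.
$report['Exposed']         = (-not $report['PatchInstalled']) -and ($report['WSearchState'] -eq 'Running')
$report['RemotelyExposed'] = $report['Exposed'] -and $listen445

[pscustomobject]$report
```

Usage: save as Check-CVE-2017-8620.ps1 and run `.\Check-CVE-2017-8620.ps1 -RequiredKB <KB from the MSRC page>`. A missing KB alone is not proof of exposure on Windows 10, where a later cumulative update supersedes the August 2017 one; in that case compare the reported build number against the MSRC page as well.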

Reference

[1]. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620
