All Products
Search

This Product

    [Vulnerability notice] CVE-2017-8620: Remote code execution vulnerability in Windows Search

    Document Center

    [Vulnerability notice] CVE-2017-8620: Remote code execution vulnerability in Windows Search

    Last Updated: Mar 12, 2018

    On August 8, 2017 (Patch Tuesday), Microsoft released a bulletin on vulnerability CVE-2017-8620. This vulnerability allows attackers to initiate DoS attacks by running any code on a target system. It is rated important.

    See the following for more information about the vulnerability.

    CVE identifier

    CVE-2017-8620

    Vulnerability name

    Windows Search remote code execution vulnerability

    Vulnerability rating

    Important

    Vulnerability description

    The Windows Search Service (WSS) is a basic service that is enabled on a Windows system by default. When WSS is processing objects in the memory, attackers can exploit the remote code execution vulnerability to control the target system. They can install programs, view, change or delete data, or create new accounts that have all user privileges.

    Moreover, unauthenticated attackers can trigger this vulnerability on an enterprise network over SMB connections, and then control target computers.

    Affected scope

    Desktop operating system

    • Microsoft Windows 10 Version 1607 for 32-bit Systems
    • Microsoft Windows 10 Version 1607 for x64-based Systems
    • Microsoft Windows 10 for 32-bit Systems
    • Microsoft Windows 10 for x64-based Systems
    • Microsoft Windows 10 version 1511 for 32-bit Systems
    • Microsoft Windows 10 version 1511 for x64-based Systems
    • Microsoft Windows 10 version 1703 for 32-bit Systems
    • Microsoft Windows 10 version 1703 for x64-based Systems
    • Microsoft Windows 7 for 32-bit Systems SP1
    • Microsoft Windows 7 for x64-based Systems SP1
    • Microsoft Windows 8.1 for 32-bit Systems
    • Microsoft Windows 8.1 for x64-based Systems
    • Microsoft Windows RT 8.1

    Server operating system

    • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
    • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
    • Microsoft Windows Server 2008 for 32-bit Systems SP2
    • Microsoft Windows Server 2008 for Itanium-based Systems SP2
    • Microsoft Windows Server 2008 for x64-based Systems SP2
    • Microsoft Windows Server 2012
    • Microsoft Windows Server 2012 R2
    • Microsoft Windows Server 2016

    Condition and method of exploitation

    Remote exploitation

    How to fix or mitigate

    • Do not run programs with the administrator privilege. Create a common account for each application and grant permissions to this account. Always run applications with minimal permissions.

    • Install Microsoft updates as soon as possible. Alibaba Cloud users can download and install patches by means of Windows Update or manually. The download URL is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620.

    Reference

    [1]. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620

    Free Trial Free Trial