On August 8, 2017 (Patch Tuesday), Microsoft released a bulletin on vulnerability CVE-2017-8620. This vulnerability allows attackers to run arbitrary code on a target system, including to mount DoS attacks against it. It is rated important.
See the following for more information about the vulnerability.
CVE identifier: CVE-2017-8620
Vulnerability name: Windows Search remote code execution vulnerability
Vulnerability rating: Important
Vulnerability description
The Windows Search Service (WSS) is a basic service that is enabled by default on Windows systems. Because of the way WSS handles objects in memory, attackers can exploit this remote code execution vulnerability to take control of the target system: they can install programs; view, change, or delete data; or create new accounts with full user rights.
Moreover, an unauthenticated attacker on an enterprise network can trigger this vulnerability over an SMB connection and then control the target computer.
Affected scope
Desktop operating system
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 version 1511 for 32-bit Systems
- Microsoft Windows 10 version 1511 for x64-based Systems
- Microsoft Windows 10 version 1703 for 32-bit Systems
- Microsoft Windows 10 version 1703 for x64-based Systems
- Microsoft Windows 7 for 32-bit Systems SP1
- Microsoft Windows 7 for x64-based Systems SP1
- Microsoft Windows 8.1 for 32-bit Systems
- Microsoft Windows 8.1 for x64-based Systems
- Microsoft Windows RT 8.1
Server operating system
- Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft Windows Server 2008 for 32-bit Systems SP2
- Microsoft Windows Server 2008 for Itanium-based Systems SP2
- Microsoft Windows Server 2008 for x64-based Systems SP2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
Condition and method of exploitation
Remote exploitation
How to fix or mitigate
Do not run programs with administrator privileges. Create a dedicated standard account for each application and grant that account only the permissions the application needs. Always run applications with the minimum permissions required.
Install Microsoft updates as soon as possible. Alibaba Cloud users can download and install patches by means of Windows Update or manually. The download URL is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620.
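The following read-only PowerShell check is an added example, not part of the Alibaba Cloud advisory or Microsoft's guidance. It reports, for the host it runs on, the facts the advisory's risk statement depends on: whether the OS is in the affected list above, whether the Windows Search service is present and running, whether the fix is installed, and whether SMB (TCP 445) is listening. The KB number is a placeholder (`KBXXXXXXX`): the advisory text does not list it, so take the correct KB id for your OS build from the Microsoft advisory URL before running the check.

```powershell
# Added example: exposure check for CVE-2017-8620 on the local host.
# Read-only; it changes nothing. $KbNumber is a PLACEHOLDER and must be
# replaced with the KB id for this OS build from the Microsoft advisory.
param(
    [string]$KbNumber = 'KBXXXXXXX'   # placeholder, not a real KB id
)

# OS families listed as affected in the advisory (desktop and server).
$affectedPatterns = @(
    'Windows 10', 'Windows 7', 'Windows 8.1', 'Windows RT 8.1',
    'Windows Server 2008', 'Windows Server 2012', 'Windows Server 2016'
)

# Match the installed OS caption against the affected list.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$osAffected = $false
foreach ($pattern in $affectedPatterns) {
    if ($os.Caption -like "*$pattern*") { $osAffected = $true; break }
}

# Windows Search Service (WSearch) is the vulnerable component and is
# enabled by default; record whether it exists and whether it is running.
$wsearch = Get-Service -Name WSearch -ErrorAction SilentlyContinue
$wsearchState = if ($wsearch) {
    "$($wsearch.Status) (startup: $($wsearch.StartType))"
} else {
    'not installed'
}
$wsearchRunning = ($null -ne $wsearch) -and ($wsearch.Status -eq 'Running')

# Get-HotFix reads the installed-update records written by Windows Update
# and by manual installs, so it covers both paths the advisory mentions.
$patched = $null -ne (Get-HotFix -Id $KbNumber -ErrorAction SilentlyContinue)

# The advisory states the bug can be triggered over SMB from the network;
# a TCP 445 listener means that path is reachable from other hosts.
$smbListening = $null -ne (Get-NetTCPConnection -LocalPort 445 -State Listen `
                           -ErrorAction SilentlyContinue)

# Summarise. "Exposed" is true only when every precondition the advisory
# describes holds: affected OS, unpatched, and the vulnerable service running.
[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    OSCaption        = $os.Caption
    OSInAffectedList = $osAffected
    WSearchState     = $wsearchState
    PatchInstalled   = $patched
    SMB445Listening  = $smbListening
    Exposed          = ($osAffected -and -not $patched -and $wsearchRunning)
}
```

Run it with `.\Check-CVE-2017-8620.ps1 -KbNumber <KB id from the Microsoft advisory>`; the `Exposed` field is the one to act on, and `SMB445Listening` tells you whether the network-reachable path described in the advisory applies to this host. Because `Get-HotFix` only reports updates installed on this machine, a `False` in `PatchInstalled` on a host that received the fix through a cumulative update under a different KB id is a prompt to verify the KB id, not proof that the host is unpatched.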