cnvd - cnvd-2017-09381

cnvd-2017-09381

Vulnerability from cnvd

Title: Microsoft Windows Search远程代码执行漏洞

Description:

Windows Search服务（WSS）是windows的一项默认启用的基本服务。允许用户在多个Windows服务和客户端之间进行搜索。

Windows Search存在远程代码执行漏洞，攻击者可以通过向Windows Search服务发送精心构造的SMB消息，从而利用此漏洞提升权限并控制计算机。

Severity: 高

Patch Name: Microsoft Windows Search远程代码执行漏洞的补丁

Patch Description:

Windows Search服务（WSS）是windows的一项默认启用的基本服务。允许用户在多个Windows服务和客户端之间进行搜索。

Windows Search存在远程代码执行漏洞，攻击者可以通过向Windows Search服务发送精心构造的SMB消息，从而利用此漏洞提升权限并控制计算机。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁已修复这个安全问题，请到厂商的主页下载： https://support.microsoft.com/zh-cn/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms

Reference: https://threatpost.com/microsoft-patches-two-critical-vulnerabilities-under-attack/126239/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

Impacted products

Name
['Microsoft Windows Server 2008', 'Microsoft Windows 7', 'Microsoft Windows Server 2003', 'Microsoft Windows XP', 'Microsoft Windows Vista', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows 8', 'Microsoft Windows RT 8.1', 'Microsoft Windows 10', 'Microsoft Windows Server 2016']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8543"
    }
  },
  "description": "Windows Search\u670d\u52a1\uff08WSS\uff09\u662fwindows\u7684\u4e00\u9879\u9ed8\u8ba4\u542f\u7528\u7684\u57fa\u672c\u670d\u52a1\u3002\u5141\u8bb8\u7528\u6237\u5728\u591a\u4e2aWindows\u670d\u52a1\u548c\u5ba2\u6237\u7aef\u4e4b\u95f4\u8fdb\u884c\u641c\u7d22\u3002\r\n\r\nWindows Search\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411Windows Search\u670d\u52a1\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684SMB\u6d88\u606f\uff0c\u4ece\u800c\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u5e76\u63a7\u5236\u8ba1\u7b97\u673a\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u5df2\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://support.microsoft.com/zh-cn/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09381",
  "openTime": "2017-06-14",
  "patchDescription": "Windows Search\u670d\u52a1\uff08WSS\uff09\u662fwindows\u7684\u4e00\u9879\u9ed8\u8ba4\u542f\u7528\u7684\u57fa\u672c\u670d\u52a1\u3002\u5141\u8bb8\u7528\u6237\u5728\u591a\u4e2aWindows\u670d\u52a1\u548c\u5ba2\u6237\u7aef\u4e4b\u95f4\u8fdb\u884c\u641c\u7d22\u3002\r\n\r\nWindows Search\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411Windows Search\u670d\u52a1\u53d1\u9001\u7cbe\u5fc3\u6784\u9020\u7684SMB\u6d88\u606f\uff0c\u4ece\u800c\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u5e76\u63a7\u5236\u8ba1\u7b97\u673a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Search\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008",
      "Microsoft Windows 7",
      "Microsoft Windows Server 2003",
      "Microsoft Windows XP",
      "Microsoft Windows Vista",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows 8",
      "Microsoft Windows RT 8.1",
      "Microsoft Windows 10",
      "Microsoft Windows Server 2016"
    ]
  },
  "referenceLink": "https://threatpost.com/microsoft-patches-two-critical-vulnerabilities-under-attack/126239/ \r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-14",
  "title": "Microsoft Windows Search\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-8543 (GCVE-0-2017-8543)

Vulnerability from cvelistv5

Published

2017-06-15 01:00

Modified

2025-07-30 01:46

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution

Summary

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

References

▼	URL	Tags
	http://www.securityfocus.com/bid/98824	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038667	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Microsoft Windows	Version: Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:41:22.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98824",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543"
          },
          {
            "name": "1038667",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038667"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-8543",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T14:52:00.568719Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-05-24",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8543"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-281",
                "description": "CWE-281 Improper Preservation of Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:27.051Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-24T00:00:00+00:00",
            "value": "CVE-2017-8543 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Windows",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka \"Windows Search Remote Code Execution Vulnerability\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "98824",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543"
        },
        {
          "name": "1038667",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-8543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka \"Windows Search Remote Code Execution Vulnerability\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98824",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98824"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543"
            },
            {
              "name": "1038667",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-8543",
    "datePublished": "2017-06-15T01:00:00.000Z",
    "dateReserved": "2017-05-03T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:27.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted