CVE-2017-0144

High · CVSS 8.8EPSS 99.2%CISA KEVCWE-20 · Improper Input Validation

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

References

NVD MITRE CVE.org CISA KEV

Published Mar 17, 2017

Community ground truth

Community verdict

3 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

to add your verdict.

Community real-world severity: Critical (Critical 3) — CVSS base score 8.8

Practitioners rate this higher than its CVSS — treat with extra caution.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Remediation · Hanna BergCurated
Apply MS17-010. Disable SMBv1 entirely — there is no reason to run it in 2020+. Block 445/tcp at the perimeter. This is the WannaCry/NotPetya vector.
0
Field note · Marco FerriCurated
Wormable pre-auth RCE in SMBv1. Still lights up honeypots years later because of unmanaged/OT devices. If SMBv1 is on, assume it's being probed.