CVE-2017-0144

high

Microsoft ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

94.4%

Exploitation probability in 30 days

Top 0% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: March 17, 2017 (3345 days ago)

Last Modified: April 22, 2026

Vendor: Microsoft

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2022-02-10

Remediation Due: 2022-08-10 (⚠ 1373d overdue)

Ransomware Campaign: Known

Description

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

CWE

NVD-CWE-noinfo

Affected Products

microsoft server message blocksiemens acuson p300 firmwaresiemens acuson p500 firmwaresiemens acuson sc2000 firmwaresiemens acuson x700 firmwaresiemens syngo sc2000 firmwaresiemens tissue preparation system firmwaresiemens versant kpcr molecular system firmwaresiemens versant kpcr sample prep firmware

References

🔗 packetstormsecurity.com 🔗 packetstormsecurity.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 cert-portal.siemens.com

CVE-2017-0144

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References