CVE–2017–8543 Windows Search remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net

Recently, 360CERT confirm the number CVE-2017-8543 Microsoft Windows Search serious vulnerability there is a remote attack the viability of the vulnerability being successfully exploited on Windows users have a serious security threat, this is again warning the use of Windows platform users immediately Microsoft of 2017, 6-month security patch update or install“360 security guards”for effective Defense.
Microsoft in the year 6 mid-release patch package contains a Windows Search remote code execution vulnerability CVE number:CVE-2017-8543。 When Windows Search handle objects in memory, there is a remote code execution vulnerability. Successful exploitation of this vulnerability an attacker can control the affected target system.
In order to exploit this vulnerability, an attacker would have to the Windows Search service to send a specially crafted message. Have access to the target computer, the attacker can use this vulnerability to elevate privileges and control the target computer. In addition, in the enterprise scenario, an unauthenticated remote attacker may be through the SMB connection to the remote trigger this vulnerability, and then control the target computer.
Vulnerability demo
!
Hazard rating
[+]Serious
Impact version
Microsoft Windows 10 3
Microsoft Windows 7 1
Microsoft Windows 8 1
Microsoft Windows Server 2008 2
Microsoft Windows Server 2012 2
Microsoft Windows Server 2016
Solution
1． Strongly recommends that all affected users, to update the official patch.
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-8543
2. Download and install“360 security guards”for the defense
https://www.360.cn/
Technical support
邮件至[email protected]