CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.309 Low
Percentile: 96.5%

Recently, 360CERT confirmed that the serious Microsoft Windows Search vulnerability CVE-2017-8543 is remotely exploitable. Successful exploitation poses a serious security threat to Windows users. This is a repeated warning: users on the Windows platform should immediately install Microsoft's June 2017 security patch update, or install “360 security guards” for effective defense.
The patch package Microsoft released in mid-June contains a fix for a Windows Search remote code execution vulnerability, CVE number CVE-2017-8543. A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploits this vulnerability can take control of the affected target system.
To exploit this vulnerability, an attacker would have to send a specially crafted message to the Windows Search service. An attacker with access to the target computer can use this vulnerability to elevate privileges and control the target computer. In addition, in an enterprise scenario, an unauthenticated remote attacker may trigger this vulnerability remotely through an SMB connection and then control the target computer.
Vulnerability demo
Hazard rating
[+]Serious
Affected versions
Microsoft Windows 10 3
Microsoft Windows 7 1
Microsoft Windows 8 1
Microsoft Windows Server 2008 2
Microsoft Windows Server 2012 2
Microsoft Windows Server 2016
Solution
1. All affected users are strongly advised to install the official patch.
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-8543
2. Download and install “360 security guards” for defense.
https://www.360.cn/
Technical support
Send email to [email protected]