CVE-2017-8543 vulnerability in Microsoft Products
Published on June 15, 2017
Known Exploited Vulnerability
This Microsoft Windows Search Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
The following remediation steps are recommended / required by June 14, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2017-8543 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors in an automatable fashion. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Products Associated with CVE-2017-8543
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-8543 are published in these products:
Affected Versions
Microsoft Corporation Microsoft Windows Version Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016. is affected by CVE-2017-8543Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.