The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
Published 2017-03-17 00:59:04
Updated 2018-06-21 01:29:00
View at NVD,   CVE.org
Vulnerability category: Input validationExecute code

CVE-2017-0144 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft SMBv1 Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Added on 2022-02-10 Action due date 2022-08-10

Exploit prediction scoring system (EPSS) score for CVE-2017-0144

Probability of exploitation activity in the next 30 days: 97.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2017-0144

  • MS17-010 SMB RCE Detection
    First seen: 2020-04-26
    auxiliary/scanner/smb/smb_ms17_010
    Uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine does not have the MS17-010 patch.
  • MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
    Disclosure Date: 2017-03-14
    First seen: 2020-04-26
    exploit/windows/smb/ms17_010_eternalblue
    This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematic
  • SMB DOUBLEPULSAR Remote Code Execution
    Disclosure Date: 2017-04-14
    First seen: 2020-04-26
    exploit/windows/smb/smb_doublepulsar_rce
    This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable t
  • MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
    Disclosure Date: 2017-03-14
    First seen: 2020-04-26
    exploit/windows/smb/ms17_010_eternalblue_win8
    exploit/windows/smb/ms17_010_eternalblue_win8 EternalBlue exploit for Windows 8, Windows 10, and 2012 by sleepya The exploit might FAIL and CRASH a target system (depended on what is overwritten) The exploit support only x64 target Tested on: - Windows 2012

CVSS scores for CVE-2017-0144

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST
8.1
HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2
5.9
NIST

CWE ids for CVE-2017-0144

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0144

Products affected by CVE-2017-0144

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!