What is CVE-2017-0145?

CVE-2017-0145 is a high-severity vulnerability in Microsoft's SMBv1 server, allowing remote code execution via crafted packets. Organizations should prioritize patching immediately to mitigate potential exploits.

What is the severity of CVE-2017-0145?

CVE-2017-0145 has a severity rating of HIGH with a CVSS base score of 8.8.

Is CVE-2017-0145 in CISA KEV?

Yes. CVE-2017-0145 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2017-0145 | High Vulnerability in Microsoft SMBv1

CVE-2017-0145 is a high-severity vulnerability affecting the SMBv1 server across multiple Microsoft Windows versions. This vulnerability allows remote attackers to execute arbitrary code by sending crafted packets. The severity of this vulnerability, with a CVSS score of 8.8, indicates a significant risk that organizations must address. The urgency for remediation is critical, as the vulnerability is actively exploited in the wild.

The affected systems include Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and various versions of Windows 10. Given the widespread use of these operating systems, the potential impact on organizations is substantial.

The vulnerability was published on March 17, 2017, and has been analyzed thoroughly. Known exploitation attempts have been observed, making immediate action necessary for all organizations relying on affected Microsoft products.

Organizations should prioritize patching immediately to mitigate risks associated with CVE-2017-0145. Regular updates and security assessments are essential to protect against such vulnerabilities.

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code via crafted packets sent to the SMBv1 server. The CVSS score of 8.8 indicates a high severity level, with a significant risk of data breach or system compromise.

The SMBv1 server is implemented in various Microsoft products including Windows Vista, Windows 7, Windows 8.1, Windows 10, and relevant server editions. The vulnerability was officially disclosed on March 17, 2017, and is classified under CWE-20.

Technical Analysis

The root cause of this vulnerability stems from improper validation of input data in the SMBv1 server. This oversight allows attackers to send specially crafted packets that can manipulate the server into executing arbitrary code.

The attack vector is network-based, requiring low complexity to exploit. Attackers need to possess low privileges to initiate the attack, and no user interaction is required. Successful exploitation can lead to a complete compromise of the confidentiality, integrity, and availability of affected systems.

Risk & Impact Analysis

Risk to organizations includes potential remote code execution by attackers, which can lead to unauthorized access and data breaches. The blast radius of this vulnerability is extensive, affecting numerous widely used Microsoft products. Given the high CVSS score and active exploitation status, organizations must treat this vulnerability as a top priority.

The critical nature of this vulnerability mandates immediate action. Organizations should address it in their patch cycles to mitigate the risks associated with CVE-2017-0145.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

Affected versions include Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and various versions of Windows 10.

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply the latest security updates from Microsoft. Those who have not yet done so should upgrade to the latest version of their operating systems. Organizations should also consider implementing additional security measures such as network segmentation and access controls to limit exposure.

For more information on how to validate fixes and ensure ongoing protection, organizations can utilize penetration testing services.

Detection Guidance

Organizations should monitor logs for unusual SMB traffic patterns and detect behavioral anomalies that may indicate exploitation attempts. Network signatures can also be employed to identify potential malicious packets targeting the SMBv1 server.

AppSecure Threat Intelligence Insight

CVE-2017-0145 represents a significant threat to organizations using affected Microsoft products. The pattern of exploitation highlights the need for strong security postures and regular updates. Security teams should remain vigilant for signs of exploitation and ensure that regular vulnerability assessments are conducted.

For further insights on managing security vulnerabilities, organizations can refer to the following resources: vulnerability management programs, penetration testing methodologies, and API security testing best practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2017-0145: High Vulnerability in Microsoft SMBv1