KLA11038
Remote code execution vulnerability in Microsoft Windows
Updated: 06/19/2017
CVSS
?
0.0
Detect date
?
06/12/2017
Severity
?
Warning
Description

An improper handing of objects in memory was found in Windows Search in Microsoft Windows. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed SMB message, which is to be sent to the Windows search service.

NB: This vulnerability does not have any public CVSS rating so rating can be changed by the time.

NB: At this moment Microsoft has just reserved CVE number for this vulnerability. Information can be changed soon.

Affected products

Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-8543

Impacts
?
ACE 
[?]
Related products
Windows RT
Microsoft Windows Server 2012
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows 10
CVE-IDS
?

CVE-2017-8543

MS list
CVE-2017-8543
KB list

4022727
4022714
4022715
4022725
4022719
4022722
4022726
4022717
4022726
4024402
4022724
4022718
4021558