First published: Fri Mar 17 2017(Updated: )
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 10 | ||
Microsoft Windows 10 | ||
Microsoft Windows 10 | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows | ||
Microsoft Windows RT | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Vista | =sp2 | |
All of | ||
Any of | ||
Siemens Acuson P300 | =13.02 | |
Siemens Acuson P300 | =13.03 | |
Siemens Acuson P300 | =13.20 | |
Siemens Acuson P300 | =13.21 | |
Siemens Acuson P300 | ||
All of | ||
Any of | ||
Siemens Acuson P500 | =va10 | |
Siemens Acuson P500 | =vb10 | |
Siemens Acuson P500 Firmware | ||
All of | ||
Any of | ||
Siemens Syngo SC2000 Firmware | >=4.0<4.0e | |
Siemens Syngo SC2000 Firmware | =5.0a | |
Siemens Acuson SC2000 Firmware | ||
All of | ||
Any of | ||
Siemens Acuson X700 | =1.0 | |
Siemens Acuson X700 | =1.1 | |
Siemens Acuson X700 | ||
All of | ||
Any of | ||
Siemens Acuson SC2000 Firmware | >=4.0<4.0e | |
Siemens Acuson SC2000 Firmware | =5.0a | |
Siemens Syngo SC2000 Firmware | ||
All of | ||
Siemens Tissue Preparation System | ||
Siemens Tissue Preparation System Firmware | ||
All of | ||
Siemens Versant kPCR Molecular System | ||
Siemens Versant kPCR Molecular System | ||
All of | ||
Siemens Versant KPCR Sample Prep Firmware | ||
Siemens Versant kPCR Sample Prep | ||
Microsoft Server Message Block | ||
Microsoft SMBv1 Server | =1.0 | |
Windows 10 | ||
Windows 10 | =1511 | |
Windows 10 | =1607 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows | ||
Microsoft Windows RT | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | =gold | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Vista | =sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-0147 has a severity rating of critical due to its potential for remote code execution.
To fix CVE-2017-0147, apply the latest security patches provided by Microsoft for affected Windows versions.
CVE-2017-0147 affects various Windows versions including Windows 7 SP1, Windows 8.1, and server versions up to Windows Server 2016.
CVE-2017-0147 allows attackers to execute arbitrary code on vulnerable systems via crafted SMB requests.
Disabling SMBv1 on affected systems can serve as a temporary workaround for CVE-2017-0147.