Vulnerability intelligence
CVE-2017-0144
Microsoft SMBv1 Remote Code Execution Vulnerability
Microsoft SMBv1
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
CVSS Score
8.8
High
EPSS — Exploit Probability
94%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2022-08-10
CISA required action
Apply updates per vendor instructions. Deadline for federal agencies: 2022-08-10.
1 article across 1 outlet · first covered May 12, 2026 · latest May 12, 2026
Coverage timeline
-
WannaCry worm spreads globally after exploiting Windows SMB flawsecurityaffairs.com · May 12, 2026