MS17-010 SMB Remote Code Execution (CVE-2017-0144)
Overview
MS17-010 SMB Remote Code Execution, tracked as CVE-2017-0144, affects the SMBv1 server implementation in Microsoft Windows. It is one of the best-known Windows remote code execution vulnerabilities because of its association with the MS17-010 security update and the EternalBlue exploitation chain.
Vulnerability Overview
CVE-2017-0144 exists in the Microsoft SMBv1 server, where crafted network packets can trigger unsafe handling in the service. SMB is commonly exposed on internal Windows networks for file and printer sharing, which made this vulnerability especially dangerous in enterprise environments.
The vulnerability is part of the MS17-010 family, but this specific CVE refers to the Windows SMB remote code execution issue documented by Microsoft and NVD.
Impact
The vulnerability is rated High with a CVSS 3.1 score of 8.8. Successful exploitation can allow remote code execution on an affected Windows host, potentially leading to full system compromise depending on service privileges and host configuration.
CVE-2017-0144 is also listed in CISA KEV, reflecting known exploitation in real-world environments. Its wormable nature and historical use in large-scale ransomware outbreaks make patch status and SMB exposure especially important.
Vulnerability Scope
Affected products include SMBv1 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and 2012 R2, Windows RT 8.1, Windows 10 1507/1511/1607, and Windows Server 2016.
Systems with SMBv1 disabled or patched with the relevant Microsoft security updates are not exposed to this specific vulnerable behavior. Administrators should also restrict SMB access to trusted networks and remove SMBv1 wherever possible.
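The checks described above (SMBv1 state and SMB reachability) can be audited on a host with a short read-only script. This is an added example, not part of the original lab material; `Get-Smb1Exposure` is a hypothetical helper name. It assumes an elevated PowerShell session and does not verify patch level, because this page does not list the update identifiers.

```powershell
# Added example: read-only audit of SMBv1 server state and inbound TCP 445 rules.
# Get-Smb1Exposure is a hypothetical helper name, not a built-in cmdlet.
function Get-Smb1Exposure {
    $r = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $null   # does the SMB server still accept SMBv1?
        Smb1FeatureState  = 'Unknown'
        Inbound445Rules   = @()     # enabled inbound allow rules for TCP 445
    }

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting directly.
        $r.Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems: LanmanServer registry value. Absent means enabled (default).
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $r.Smb1ServerEnabled = ($null -eq $val) -or ($val -ne 0)
    }

    # Is the SMBv1 component still installed, even if the server side is turned off?
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            $r.Smb1FeatureState = [string]$f.State
        } catch { $r.Smb1FeatureState = 'QueryFailed' }
    }

    # Firewall rules that let SMB in. Port ranges (e.g. "400-500") are not expanded here.
    if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
        $r.Inbound445Rules = @(
            Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
            Where-Object {
                $pf = $_ | Get-NetFirewallPortFilter
                $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains '445'
            } | Select-Object -ExpandProperty DisplayName
        )
    }

    $r.NeedsAttention = [bool]$r.Smb1ServerEnabled -or ($r.Smb1FeatureState -eq 'Enabled')
    [pscustomobject]$r
}

Get-Smb1Exposure | Format-List

# Remediation, left commented out so the audit stays read-only:
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```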
Lab Focus
This Hackviser lab focuses on understanding how an exposed Windows file-sharing service can become a remote code execution risk. You will practice recognizing MS17-010 exposure, connecting SMBv1 risk to patch management, and reasoning about why legacy protocol support increases attack surface.
