CVE-2017-0279
Description
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote code execution vulnerability in the Microsoft SMBv1 server allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted packet.
Vulnerability
The Microsoft Server Message Block 1.0 (SMBv1) server on multiple Windows versions (including Windows 7 SP1, Windows 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016) mishandles certain requests, enabling remote code execution. This vulnerability is also referenced in the Philips IntelliSpace Portal advisory as CVE-2017-0279 [1].
Exploitation
An unauthenticated attacker on the network can send a specially crafted SMBv1 packet to the target server. No user interaction or authentication is required to trigger the vulnerability [1]. The advisory indicates exploits that target some vulnerabilities are publicly available, though specific details for this CVE are not disclosed.
Impact
Successful exploitation allows the attacker to execute arbitrary code on the target system in the context of the SMB server, potentially leading to full system compromise [1]. The impact includes unauthorized access to sensitive information, denial of service, or remote code execution.
Mitigation
Microsoft released a security update for this vulnerability as part of the May 2017 Patch Tuesday updates. Affected systems should apply the appropriate update. The ICS-CERT advisory notes that Philips is creating a software update for IntelliSpace Portal to mitigate these vulnerabilities [1]. Workarounds include disabling SMBv1 or blocking TCP port 445 on perimeter firewalls.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- (no CPE)range: build 10240, 10586, 14393, 15063
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- (no CPE)range: <= 6.0.6002.19635
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- Microsoft Corporation/Server Message Block 1.0v5Range: Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279nvdMitigationPatchVendor Advisory
- www.securityfocus.com/bid/98272nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038430nvd
- ics-cert.us-cert.gov/advisories/ICSMA-18-058-02nvd
News mentions
0No linked articles in our index yet.