Critical severity9.8CISA KEVNVD Advisory· Published Jun 15, 2017· Updated Apr 22, 2026

CVE-2017-8543

Description

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

Affected products

Microsoft/Windows 10 15072 versions
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*
Microsoft/Windows 10 15112 versions
cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:x86:*
Microsoft/Windows 10 16072 versions
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
Microsoft/Windows 10 17032 versions
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*
Microsoft/Windows 7
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft/Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft/Windows Rt 8.1
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft/Windows Server 20083 versions
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft/Windows Server 20122 versions
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft/Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543nvdMitigationPatchVendor Advisory
www.securityfocus.com/bid/98824nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038667nvdBroken LinkThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.068
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000