CVE Tools

CVE-2017-0147

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607...

Published: Mar 17, 2017
Updated: Apr 22, 2026
Sources: CVE List, NVD, BDU, csaf
Weakness: NVD-CWE-noinfo

Description

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

In plain language

AI: Act now

CVE-2017-0147 is a serious information-disclosure bug in the SMBv1 server on many older Microsoft Windows versions, and a typical small business should act now because it has a very high likelihood of being exploited and is tied to ransomware activity.

What to do

  1. Turn off SMBv1 (and ensure file sharing uses newer SMB versions) on affected Windows machines.
  2. Update/patch your Windows systems where applicable; if you can’t update, isolate the machine from untrusted networks and limit network access to file sharing ports.
  3. Verify with your IT person that SMBv1 is not enabled on any exposed servers or PCs that provide shared folders.

CVSS Vector Breakdown

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability
  Attack Vector (AV:N): Network
  Attack Complexity (AC:L): Low
  Privileges Required (PR:N): None
  User Interaction (UI:N): None
Scope
  Scope (S:U): Unchanged
Impact
  Confidentiality (C:H): High
  Integrity (I:N): None
  Availability (A:N): None

Weaknesses

Affected Products

microsoft corp (aka microsoft corporation) | commercial | US | Operating Systems
and 27 more affected products

Exploitability

CISA Known Exploited Vulnerability
Added to KEV: May 24, 2022
Remediation due: Jun 14, 2022
Ransomware: Known ransomware use

Required action: Apply updates per vendor instructions.

5 exploit sources identified

Official Patch Available

Timeline

Published: Mar 17, 2017
Added to CISA KEV: May 24, 2022
Last Updated: Apr 22, 2026
