CVE-2017-0145 Microsoft CVE debrief

Who should care

Windows administrators, vulnerability management teams, security operations, and incident responders responsible for systems where SMBv1 is still enabled, reachable, or depended on by legacy applications.

Technical summary

The official CISA KEV entry identifies CVE-2017-0145 as a Microsoft SMBv1 remote code execution vulnerability. CISA marks the item as actively exploited and notes known ransomware campaign use. The KEV record directs organizations to apply updates per vendor instructions, and the linked CVE/NVD records provide the canonical vulnerability references.

Defensive priority

Critical

Recommended defensive actions

• Apply Microsoft vendor updates and follow the remediation guidance referenced by CISA KEV.
• Identify and inventory any systems or applications that still require SMBv1.
• Disable SMBv1 wherever it is not strictly required and remove legacy dependencies.
• Prioritize remediation on exposed, high-value, and internet-reachable assets.
• Verify remediation by rescanning and confirming SMBv1 is no longer enabled where it should be removed.
• Monitor for signs of exploitation and ransomware-related activity across affected hosts.

Evidence notes

The supplied corpus contains only official sources. CISA’s Known Exploited Vulnerabilities catalog lists Microsoft SMBv1 / CVE-2017-0145 with known ransomware campaign use and a remediation due date of 2022-08-10. The source item points to the NVD detail page for CVE-2017-0145, and the official CVE record is included as a canonical identifier reference.

Official resources