PatchSiren cyber security CVE debrief
CVE-2017-0147 Microsoft CVE debrief
CVE-2017-0147 is a Microsoft SMBv1 information disclosure vulnerability affecting the SMBv1 server component. CISA lists it in the Known Exploited Vulnerabilities catalog and marks it as having known ransomware campaign use, which makes it a priority for defensive remediation even though the source corpus provides limited technical detail beyond the vulnerability class and affected product.
- Vendor: Microsoft
- Product: SMBv1 server
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-05-24
- Original CVE updated: 2022-05-24
- Advisory published: 2022-05-24
- Advisory updated: 2022-05-24
Who should care
Security and IT teams that still manage Microsoft systems with SMBv1 exposure should care most, especially asset owners responsible for patching, vulnerability management, and network hardening. Incident responders should also treat it as a higher-priority finding because CISA flags known exploitation and ransomware campaign use.
Technical summary
The available sources identify this issue as a Microsoft Windows SMBv1 information disclosure vulnerability in the SMBv1 server. The source corpus does not include exploit mechanics, affected versions, or impact specifics beyond the information disclosure classification. What is clear from the authoritative sources is that CISA has included CVE-2017-0147 in its KEV catalog, indicating observed exploitation in the wild.
Defensive priority
High. CISA’s KEV listing and the note that this vulnerability has known ransomware campaign use elevate it above routine patch items. Organizations should treat it as an urgent remediation item where SMBv1 remains present or exposed.
Recommended defensive actions
- Apply updates per vendor instructions.
- Confirm whether SMBv1 is enabled anywhere in the environment and disable it where it is not explicitly required.
- Prioritize remediation on internet-facing and business-critical Windows assets.
- Validate that vulnerable systems are covered by vulnerability management and patch compliance workflows.
- Use the official CVE and NVD records to confirm asset scope before and after remediation.
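One way to carry out the SMBv1 check from the list above across a set of Windows hosts, as an added example that is not code from the original page, Microsoft, or CISA. It assumes PowerShell remoting (WinRM) with an administrative account; `hosts.txt` and the output file names are hypothetical.

```powershell
# Added example: inventory SMBv1 server state across Windows hosts.
# Assumptions: WinRM remoting works with an admin account; hosts.txt is a
# hypothetical file with one hostname per line.
$computers = Get-Content -Path .\hosts.txt | Where-Object { $_.Trim() }

$results = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    # SMB server setting (cmdlet exists on Windows 8 / Server 2012 and later)
    $cfg  = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    # Explicit registry value; when absent, the OS default applies
    $reg  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                -Name SMB1 -ErrorAction SilentlyContinue
    # Whether the SMB1 feature is still installed at all
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Smb1ServerEnabled = if ($cfg)  { [string]$cfg.EnableSMB1Protocol } else { 'unknown' }
        RegistrySMB1      = if ($reg)  { [string]$reg.SMB1 }               else { 'not set' }
        Smb1FeatureState  = if ($feat) { [string]$feat.State }             else { 'unknown' }
    }
}

# Hosts that returned nothing are unverified, not clean: list them separately.
$answered = @($results | ForEach-Object { $_.PSComputerName })
$noAnswer = @($computers | Where-Object { $_ -notin $answered })

# Descending string sort puts 'unknown' and 'True' ahead of 'False' for review.
$results |
    Select-Object PSComputerName, Smb1ServerEnabled, RegistrySMB1, Smb1FeatureState |
    Sort-Object Smb1ServerEnabled -Descending |
    Export-Csv -Path .\smb1-audit.csv -NoTypeInformation

Write-Output ("Answered: {0}  Unverified: {1}" -f $answered.Count, $noAnswer.Count)
$noAnswer | Set-Content -Path .\smb1-unverified.txt

# Remediation for a host confirmed not to need SMBv1 (run on that host, elevated):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

Hosts listed in `smb1-unverified.txt` need a second pass through another channel before they are counted as remediated.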
Evidence notes
The debrief is based only on the supplied source corpus and official links: the CVE record, NVD detail page, and CISA’s KEV source feed/catalog. The corpus confirms the product as Microsoft SMBv1 server, the vulnerability name as Microsoft Windows SMBv1 Information Disclosure Vulnerability, KEV inclusion, a CISA dateAdded of 2022-05-24, a dueDate of 2022-06-14, and known ransomware campaign use. No exploit method, affected build list, or attack chain details were inferred.
Official resources
- CVE-2017-0147 CVE record (CVE.org)
- CVE-2017-0147 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply updates per vendor instructions.
- Source item URL (cisa_kev)
CISA lists CVE-2017-0147 in the Known Exploited Vulnerabilities catalog and notes known ransomware campaign use. The source corpus does not provide additional exploit or impact specifics, so this debrief stays limited to verified defensive,