⚠ Actively exploited
Added to CISA KEV on 2022-05-24. Federal agencies required to patch by 2022-06-14. Required action: Apply updates per vendor instructions..
CVE-2017-0022
Severity
6.5MEDIUM
EPSS
44.1%
top 2.46%
CISA KEV
KEV
Added 2022-05-24
Due 2022-06-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 17
KEV addedMay 24
KEV dueJun 14
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5microsoft_corporation/xml_core_servicesXML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2