CVE-2017-0164 — Improper Input Validation in Corporation Active Directory

CWE-20 — Improper Input Validation5 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

5.4%

top 9.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Active Directory Microsoft Windows 10 Msrc Windows 10 Version 1607 FOR 32-bit Systems +2 more

Timeline

PublishedApr 12

Latest updateMay 17

Description

A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.7 | Impact: 3.6

Affected Packages5 packages

▶msrcmsrc/windows_server_2016

▶CVEListV5microsoft_corporation/active_directoryWindows 10 1607 and Windows Server 2016

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

▶NVDmicrosoft/windows_101607

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v9mj-gv7c-j2c8: A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious se↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Active Directory Denial of Service Vulnerability↗2017-04-11

▶

🕵️Threat Intelligence

Recorded Future

China's Influence on National Network Vulnerability Publications | Recorded Future↗

▶

Recorded Future

China's Influence on National Network Vulnerability Publications↗

▶