CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)

CVE-2017-8543

Exploited

Windows - Windows Search

Microsoft | CVSS 9.8 | Updated April 30, 2026

Executive Risk Summary

"A remote code execution vulnerability exists in Windows Search due to the improper handling of objects in memory, allowing an attacker to take control of the affected system. This vulnerability affects various versions of Windows, including Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, and Windows Server 2003, 2008, 2012, and 2016."

Anticipated Attack Path

  1. Initial Exploitation
  2. Privilege Escalation
  3. Lateral Movement

Am I Vulnerable?

  • Verify Windows Search service is running
  • Check for suspicious search queries
  • Monitor system logs for unusual activity

Operational Audit Arsenal

Target Type: Service
Target Asset: WSearch
Standard Path: C:\Windows\System32\SearchIndexer.exe
PowerShell
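# Audit: Windows Search service and its indexer binary
# Target: WSearch (Service)
$ServiceName = 'WSearch'
$BinaryPath  = Join-Path $env:windir 'System32\SearchIndexer.exe'

# WSearch is a service name, not a file name, so query the service manager for its state
Get-Service -Name $ServiceName -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# Report the product version of the indexer binary at the standard path
Get-Item -Path $BinaryPath -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name='Version'; Expression={ $_.VersionInfo.ProductVersion }}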

Patch Impact Forecast

Reboot Required: Likely

Moderate

Internal Work Notes

Apply the Windows patch that fixes the remote code execution vulnerability in Windows Search (CVE-2017-8543). PowerShell audit command: Get-HotFix -Id 'KB4022715'

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.