{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2017-3735/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":5.3,"id":"CVE-2017-3735"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["vulnerability","microsoft","cve-2017-3735"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2017-3735 is a security vulnerability affecting Microsoft products. While the specific product and nature of the vulnerability are not detailed in the provided source, its existence poses a potential risk to systems running vulnerable versions of Microsoft software. This could lead to unauthorized access, code execution, or other malicious activities if exploited. Defenders need to identify the affected product and patch accordingly.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification:\u003c/strong\u003e Attacker identifies a system running a Microsoft product vulnerable to CVE-2017-3735.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploit Development/Acquisition:\u003c/strong\u003e Attacker develops a custom exploit or obtains an existing exploit for CVE-2017-3735.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e Attacker leverages the exploit to gain initial access to the targeted system. This step is specific to the product affected, and might involve network protocols or local execution.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation (If Required):\u003c/strong\u003e If the initial access is limited, the attacker might attempt to escalate privileges to gain higher-level control over the system.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePayload Deployment:\u003c/strong\u003e The attacker deploys a malicious payload onto the compromised system. This could be malware, a backdoor, or other malicious tools.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCommand and Control:\u003c/strong\u003e The attacker establishes a command and control (C2) channel with the compromised system to remotely control it and exfiltrate data.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement (Optional):\u003c/strong\u003e The attacker moves laterally to other systems within the network, compromising additional assets.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eObjective Completion:\u003c/strong\u003e The attacker achieves their final objective, such as data theft, system disruption, or financial gain.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2017-3735 can lead to a range of negative consequences, including unauthorized access to sensitive data, system compromise, and potential disruption of services. The specific impact depends on the affected product and the attacker\u0026rsquo;s objectives. If successfully exploited across a large number of systems, the vulnerability could result in significant financial losses and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIdentify the specific Microsoft product affected by CVE-2017-3735 by consulting the Microsoft Security Response Center (\u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2017-3735\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2017-3735\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eApply the appropriate security patches or updates provided by Microsoft for the affected product to remediate CVE-2017-3735.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity related to exploitation attempts targeting CVE-2017-3735 using a network intrusion detection system (NIDS). Deploy the network connection rule below for initial recon activity.\u003c/li\u003e\n\u003cli\u003eImplement the process creation rule below to look for unexpected child processes spawned after applying the patch to identify potential bypass attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-cve-2017-3735/","summary":"CVE-2017-3735 is a vulnerability impacting Microsoft products, potentially allowing unauthorized access or code execution.","title":"CVE-2017-3735 Vulnerability Targeting Microsoft Products","url":"https://feed.craftedsignal.io/briefs/2024-01-cve-2017-3735/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2017-3735","version":"https://jsonfeed.org/version/1.1"}