On May 10, 2017, Microsoft issued an out of band security update for all supported versions of the Microsoft Office products, including Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. This security update fixes a critical vulnerability in Microsoft Office that could allow remote code execution if a user opened a specially crafted file with an affected version of Microsoft Office software. This vulnerability is now publicly known as CVE-2017-11882. Once this security update has been installed on a computer, attackers would not be able to exploit this vulnerability to execute code on a user’s computer. To help protect against attackers that try to exploit this vulnerability, Microsoft recommends installing this security update as soon as possible. Microsoft has a team of security engineers that actively monitors the threat landscape throughout the world. As soon as a new vulnerability is publicly announced, this team researches the vulnerability and determines if a patch needs to be released. If a patch needs to be released, this team begins the process of testing the patch, and releases the patch to the general public as soon as possible.
What is the CVE-2017-11882 vulnerability?
CVE-2017-11882 is a vulnerability in Microsoft Office that allows an attacker to execute code on a user’s computer. To exploit this vulnerability, an attacker would need to convince the user to open a specially crafted document with an affected version of Microsoft Office software. Once opened, the vulnerability could allow the attacker to execute code on the user’s computer.
Frequently Asked Questions
Q: What is the scope of this vulnerability?
A: The scope of this vulnerability is that Microsoft Office software could be vulnerable to remote code execution if a user opened a specially crafted file with an affected version of Microsoft Office software.
Q: What are the possible ways in which an attacker could exploit the vulnerability?
A: The only way in which an attacker could exploit this vulnerability would be by convincing a user to open a specially crafted file with an affected version of Microsoft Office software.
Q: How do I know if I am at risk for exploitation?
A: To determine whether you are at risk for exploitation, please refer to your product documentation or contact your support center. If you have any questions, please visit our website and FAQ section.
Important updates for June 2017
In June 2017, Microsoft will release an out of band security update for all supported versions of the Microsoft Office products, including Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. This security update fixes a critical vulnerability in Microsoft Office that could allow remote code execution if a user opened a specially crafted file with an affected version of Microsoft Office software. This vulnerability is now publicly known as CVE-2017-11882. Once this security update has been installed on a computer, attackers would not be able to exploit this vulnerability to execute code on a user’s computer. To help protect against attackers that try to exploit this vulnerability, Microsoft recommends installing this security update as soon as possible.
Step 1: Download the Latest Microsoft Office Security Update
Microsoft will release a new update for Microsoft Office as soon as possible. The latest update includes the fix for CVE-2017-11882, which is now publicly known as CVE-2022-21840. To ensure that you have the latest patch, download it from Microsoft Update or by using Windows Update.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 01/14/2022 16:45:00 UTC