On May 10, 2017, Microsoft issued an out of band security update for all supported versions of the Microsoft Office products, including Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. This security update fixes a critical vulnerability in Microsoft Office that could allow remote code execution if a user opened a specially crafted file with an affected version of Microsoft Office software. This vulnerability is now publicly known as CVE-2017-11882. Once this security update has been installed on a computer, attackers would not be able to exploit this vulnerability to execute code on a user’s computer. To help protect against attackers that try to exploit this vulnerability, Microsoft recommends installing this security update as soon as possible. Microsoft has a team of security engineers that actively monitors the threat landscape throughout the world. As soon as a new vulnerability is publicly announced, this team researches the vulnerability and determines if a patch needs to be released. If a patch needs to be released, this team begins the process of testing the patch, and releases the patch to the general public as soon as possible.

Microsoft Office Software

Microsoft Office is a set of productivity software applications and services developed by Microsoft. It includes a word processor, an e-mail client, a spreadsheet program, and presentation software. Office applications use the Microsoft Windows graphical user interface (GUI) or the X Window System to provide similar functionality.
This vulnerability is patched in Microsoft Office for all versions of Microsoft Word, Microsoft Excel, and Microsoft PowerPoint that are supported on Windows 10, Windows 8.1, Windows Server 2012 R2, Windows Server 2012 and earlier versions of Windows. This vulnerability is being patched as part of the May 2017 "Out of Band" update for Office for non-supported operating systems.

What is the Microsoft Office vulnerability?

On May 10, 2017, Microsoft issued an out of band security update for all supported versions of the Microsoft Office products, including Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. This security update fixes a critical vulnerability in Microsoft Office that could allow remote code execution if a user opened a specially crafted file with an affected version of Microsoft Office software. This vulnerability is now publicly known as CVE-2017-11882. Once this security update has been installed on a computer, attackers would not be able to exploit this vulnerability to execute code on a user’s computer. To help protect against attackers that try to exploit this vulnerability, Microsoft recommends installing this security update as soon as possible. Microsoft has a team of security engineers that actively monitors the threat landscape throughout the world. As soon as a new vulnerability is publicly announced, this team researches the vulnerability and determines if a patch needs to be released. If a patch needs to be released, this team begins the process of testing the patch, and releases the patch to the general public as soon as possible.

How do I know if my computer is vulnerable?

If you are using Microsoft Office software, then your computer is vulnerable. If you are using Microsoft Office software on a computer that is not connected to the internet, then your computer is not vulnerable.

Microsoft Office - Vulnerability Details##

This vulnerability affects Microsoft Office software released prior to April 2016, including Word, Excel, and PowerPoint. The vulnerability is in the way that Microsoft Office software parses specially crafted files and allows remote code execution.
If you're using any Microsoft Office product prior to April 2016 and are vulnerable to this exploit, it is strongly recommended that you install this security update.

Microsoft Office Products Affected by CVE-2017-11882

This vulnerability affects Microsoft Office software running on the following operating systems: Microsoft Windows 7 Service Pack 1, Microsoft Windows 8.1, and Microsoft Windows 10.

Microsoft Word - All Language Versions
Microsoft Excel - All Language Versions
Microsoft PowerPoint - All Language Versions

Timeline

Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC

References