Microsoft has released security bulletin MS17-010 to address this security issue. In short, a remote code execution vulnerability exists in Microsoft Office software when Windows fails to provide integrity checks for specially crafted files. Attackers can leverage this vulnerability to execute malicious code on affected systems. The severity of this issue depends on the environment and company policies. Microsoft recommends installing this security update and review security policy documentation to help protect against the risk of this issue. Microsoft has released security bulletin MS17-010 to address this security issue. In short, a remote code execution vulnerability exists in Microsoft Office software when Windows fails to provide integrity checks for specially crafted files. Attackers can leverage this vulnerability to execute malicious code on affected systems. The severity of this issue depends on the environment and company policies. Microsoft recommends installing this security update and review security policy documentation to help protect against the risk of this issue. - Exploitation of this vulnerability requires that a user has opened a malicious Office file or visited a malicious website. - Exploitation of this vulnerability requires that user have not enabled Protected View in Microsoft Edge. - Microsoft Outlook on Windows 10 Anniversary Update and Windows Server 2016 is not affected by this issue.
Microsoft Office Software Overview
Microsoft Office is a suite of software applications created by Microsoft for the purpose of organizing, composing, presenting and collaborating with others. The suite comprises Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, and Microsoft Outlook.
The suite is designed to be used as an integrated desktop application or web-based service. It has been built on the concept that related documents and data should live in one place rather than spread out across disparate services. In addition to providing collaboration between people working together on different computers or devices, it allows those users to share information through the use of various social media platforms such as Skype or SharePoint.
Office is widely used around the world and is the most popular office suite for both business and personal use because it has powerful tools for document production, editing and sharing.
Mitigation Strategies:
It is recommended that all organizations upgrade their systems to the latest update and apply this security bulletin as soon as possible.
- Apply MS17-010 to computers running Windows 7, Windows 8.1, and Windows 10 Creators Update. - Apply MS17-010 to computers running Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016.
How to check if you are vulnerable?
Microsoft has released security bulletin MS17-010 to address this security issue. In short, a remote code execution vulnerability exists in Microsoft Office software when Windows fails to provide integrity checks for specially crafted files. Attackers can leverage this vulnerability to execute malicious code on affected systems. The severity of this issue depends on the environment and company policies. Microsoft recommends installing this security update and review security policy documentation to help protect against the risk of this issue.
Vulnerability description
According to Microsoft, a vulnerability exists in Microsoft Office software when Windows fails to provide integrity checks for specially crafted files. Attackers can leverage this vulnerability to execute malicious code on affected systems. The severity of this issue depends on the environment and company policies. Microsoft recommends installing this security update and review security policy documentation to help protect against the risk of this issue.
The vulnerability affects Windows 10 and Windows Server 2016, as well as Outlook on Windows 10 Anniversary Update and Windows Server 2016.
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC