Microsoft addresses a critical remote code execution vulnerability in multiple versions of Office that could allow attackers to take complete control of affected systems.
Microsoft has released security updates to address a critical vulnerability in multiple versions of Microsoft Office that could allow remote code execution. The vulnerability, tracked as CVE-2017-20230, is rated with a CVSS score of 7.6 (High severity).
The vulnerability exists in the way Microsoft Office handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, the attacker could take control of the affected system. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.
Affected products include:
- Microsoft Office 2016
- Microsoft Office 2013
- Microsoft Office 2010
- Microsoft Office 2007
- Microsoft Office for Mac 2011
- Microsoft Office Compatibility Pack
The vulnerability could be exploited if a user opens a specially crafted Office file. An attacker could deliver such a file by hosting it on a website under their control, or by uploading it to a website that accepts or hosts user-provided content. In either scenario the attack only succeeds if the attacker convinces the user to open the specially crafted file.
Microsoft has released security updates to address this vulnerability. Organizations and users should apply these updates as soon as possible.
Mitigation steps:
- Apply the security updates provided by Microsoft immediately.
- Use Microsoft Office Protected View to open files from untrusted sources.
- Configure Microsoft Office to block macros from the internet.
- Use the Enhanced Mitigation Experience Toolkit (EMET) to add additional protections.
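The Protected View and internet-macro settings above can be verified and enforced through Office's policy registry values. The following PowerShell script is an added example, not part of this advisory: it audits those values for Word, Excel and PowerPoint in Office 2013 (15.0) and Office 2016 (16.0) under the current user's policy hive and, when run with -Enforce, sets them; the -Enforce switch, the chosen versions and the use of HKCU rather than HKLM or Group Policy are this example's own assumptions.

```powershell
# Added example (not from the advisory): audit/enforce Office Protected View and
# internet-macro blocking via the per-user policy hive. Assumes Office 2013 (15.0)
# and/or 2016 (16.0); run as the affected user, or adapt the root to HKLM / a GPO.
param([switch]$Enforce)

$versions = @('15.0', '16.0')
$apps     = @('Word', 'Excel', 'PowerPoint')

# Desired policy values. Protected View flags: 0 = Protected View stays ON for that
# file source. blockcontentexecutionfrominternet: 1 = macros in files that carry the
# Mark of the Web (downloaded from the internet) are blocked outright.
$desired = @{
    'Security\ProtectedView' = @{
        DisableInternetFilesInPV   = 0
        DisableAttachmentsInPV     = 0
        DisableUnsafeLocationsInPV = 0
    }
    'Security' = @{
        blockcontentexecutionfrominternet = 1
    }
}

$findings = @()
foreach ($v in $versions) {
    foreach ($app in $apps) {
        foreach ($sub in $desired.Keys) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\$sub"
            foreach ($name in $desired[$sub].Keys) {
                $want = $desired[$sub][$name]
                $have = $null
                if (Test-Path $key) {
                    $have = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
                }
                # A missing policy value means the user can still turn the protection
                # off in the Trust Center, so it is reported as "not enforced".
                if ($have -ne $want) {
                    $findings += [pscustomobject]@{ Key = $key; Value = $name; Have = $have; Want = $want }
                    if ($Enforce) {
                        New-Item -Path $key -Force | Out-Null
                        New-ItemProperty -Path $key -Name $name -Value $want -PropertyType DWord -Force | Out-Null
                    }
                }
            }
        }
    }
}

if ($findings.Count -eq 0) { 'All checked Office policy values match the hardened baseline.' }
else { $findings | Format-Table -AutoSize }
```

Without -Enforce the script only reports drift, so it can be scheduled as a read-only compliance check; policy values under HKLM take precedence if both hives are populated.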
The security updates were released as part of Microsoft's monthly security updates on November 14, 2017. For organizations using Windows Server Update Services (WSUS) or System Center Configuration Manager, these updates can be deployed through these systems.
For more information about this vulnerability and the available updates, visit the Microsoft Security Advisory or the Security Update Guide.
Organizations should prioritize applying this update due to the high severity of the vulnerability and the potential for complete system compromise.