Vulnerability Protection

Vulnerability in Microsoft Office Could Allow Remote Code Execution

Details

Report ID:

MS20170102

Date Published:

17 January 2017

Date Revised:

Criticality:

Important

Compromise Type:

Remote code execution

Compromise From:

Remote

Affected Product/Component:

Microsoft Office 2016
Microsoft SharePoint Enterprise Server 2016

Summary

A vulnerability in Microsoft Office could allow an attacker to execute code and take control of an affected system, if successfully exploited. 

Detailed Description

Microsoft has released a security update to address a remote code execution vulnerability in Microsoft Office. The vulnerability was caused by improper handling of objects in memory; if succesfully exploited, it could allow an attacker to execute arbitrary code and take control of an affected system. 

CVE Reference

CVE-2017-0003

Solution

Install the latest security patch for applicable systems, available for download from https://technet.microsoft.com/en-us/library/security/MS17-002

Source

Microsoft Security Bulletin MS17-002