Microsoft security updates – Out-of-Band

Number: AV17-114
Date: 28 July 2017

Purpose

The purpose of this advisory is to bring attention to recently released Microsoft Security Updates. This update resolves vulnerabilities that could allow remote code execution if a user opens a specially crafted Office file.

Assessment

The summary covers multiple out-of-band support package deployments addressing multiple vulnerabilities in various Microsoft products.

Affected Products:

• Microsoft Outlook 2007 Service Pack 3  
• Microsoft Office 2010 Click-to-Run (C2R) for 64-bit editions
• Microsoft Office 2010 Click-to-Run (C2R) for 32-bit editions           
• Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
• Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 
• Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions  
• Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions   
• Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
• Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions  
• Microsoft Outlook 2016 (64-bit edition)    
• Microsoft Outlook 2016 (32-bit edition) 

CVE References: CVE-2017-8571, CVE-2017-8572, CVE-2017-8663

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

• https://portal.msrc.microsoft.com/en-us/security-guidance
• https://support.microsoft.com/en-us/help/3213643/description-of-the-security-update-for-outlook-2007-july-27-2017