Number: AV17-114
Date: 28 July 2017
Purpose
The purpose of this advisory is to bring attention to recently released Microsoft Security Updates. This update resolves vulnerabilities that could allow remote code execution if a user opens a specially crafted Office file.
Assessment
The summary covers multiple out-of-band support package deployments addressing multiple vulnerabilities in various Microsoft products.
Affected Products:
- Microsoft Outlook 2007 Service Pack 3
- Microsoft Office 2010 Click-to-Run (C2R) for 64-bit editions
- Microsoft Office 2010 Click-to-Run (C2R) for 32-bit editions
- Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
- Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
- Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions
- Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
- Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
- Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
- Microsoft Outlook 2016 (64-bit edition)
- Microsoft Outlook 2016 (32-bit edition)
CVE References: CVE-2017-8571, CVE-2017-8572, CVE-2017-8663
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References: