8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
07/11/2017
Critical
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface.
Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Microsoft Office Online Server 2016
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013
Microsoft SharePoint Enterprise Server 2016
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft Exchange Server 2013 Service Pack 1
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8569
CVE-2017-8570
CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8570
ACE
CVE-2017-02437.8Critical
CVE-2017-85017.8Critical
CVE-2017-85027.8Critical
CVE-2017-85707.8Critical
CVE-2017-85698.8Critical
3213537
2880514
3191833
3191894
3191897
3191902
3191907
3203459
3203468
3203469
3203477
3212224
3213544
3213545
3213555
3213559
3213624
3213640
3213657
This vulnerability can be exploited by the following malware:
support.microsoft.com/kb/2880514
support.microsoft.com/kb/3191833
support.microsoft.com/kb/3191894
support.microsoft.com/kb/3191897
support.microsoft.com/kb/3191902
support.microsoft.com/kb/3191907
support.microsoft.com/kb/3203459
support.microsoft.com/kb/3203468
support.microsoft.com/kb/3203469
support.microsoft.com/kb/3203477
support.microsoft.com/kb/3212224
support.microsoft.com/kb/3213537
support.microsoft.com/kb/3213544
support.microsoft.com/kb/3213545
support.microsoft.com/kb/3213555
support.microsoft.com/kb/3213559
support.microsoft.com/kb/3213624
support.microsoft.com/kb/3213640
support.microsoft.com/kb/3213657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8570
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0243
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0243
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8501
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8501
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8502
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8502
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8569
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Exchange-Server/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-8570/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%