8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.95 High
EPSS
Percentile
99.3%
10/10/2017
Critical
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information perform cross-site scripting and privilege escalations Below is a complete list of vulnerabilities:
Word Automation Services
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Online Server 2016
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office Word Viewer
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Skype for Business 2016 (32-bit)
Skype for Business 2016 (64-bit)
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
ADV170017
CVE-2017-11776
CVE-2017-11777
CVE-2017-11774
CVE-2017-11775
CVE-2017-11786
CVE-2017-11820
CVE-2017-11826
CVE-2017-11825
CVE-2017-11775
CVE-2017-11776
CVE-2017-11777
CVE-2017-11786
CVE-2017-11820
CVE-2017-11825
CVE-2017-11826
ACE
CVE-2017-117746.8High
CVE-2017-117753.5Warning
CVE-2017-117765.0Warning
CVE-2017-117773.5Warning
CVE-2017-117869.3Critical
CVE-2017-118203.5Warning
CVE-2017-118259.3Critical
CVE-2017-118269.3Critical
3213623
3213630
3213647
3213648
3213659
4011068
4011159
4011162
4011170
4011178
4011179
4011180
4011194
4011196
4011217
4011222
4011231
4011232
4011236
3213627
4022208
4022206
4022172
4022176
4022188
4022189
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
support.microsoft.com/kb/3213623
support.microsoft.com/kb/3213627
support.microsoft.com/kb/3213630
support.microsoft.com/kb/3213647
support.microsoft.com/kb/3213648
support.microsoft.com/kb/3213659
support.microsoft.com/kb/4011068
support.microsoft.com/kb/4011159
support.microsoft.com/kb/4011162
support.microsoft.com/kb/4011170
support.microsoft.com/kb/4011178
support.microsoft.com/kb/4011179
support.microsoft.com/kb/4011180
support.microsoft.com/kb/4011194
support.microsoft.com/kb/4011196
support.microsoft.com/kb/4011217
support.microsoft.com/kb/4011222
support.microsoft.com/kb/4011231
support.microsoft.com/kb/4011232
support.microsoft.com/kb/4011236
support.microsoft.com/kb/4022172
support.microsoft.com/kb/4022176
support.microsoft.com/kb/4022188
support.microsoft.com/kb/4022189
support.microsoft.com/kb/4022206
support.microsoft.com/kb/4022208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11826
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170017
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11774
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11775
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11777
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11777
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11820
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11820
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Access/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Lync/
threats.kaspersky.com/en/product/Microsoft-Office-Access/
threats.kaspersky.com/en/product/Microsoft-Office-PowerPoint/
threats.kaspersky.com/en/product/Microsoft-Office-Visio/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Outlook/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
threats.kaspersky.com/en/product/Microsoft-Word/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.95 High
EPSS
Percentile
99.3%