Lucene search

K
mskbMicrosoftKB2596904
HistoryMay 09, 2017 - 7:00 a.m.

Description of the security update for 2007 Microsoft Office Suite: May 9, 2017

2017-05-0907:00:00
Microsoft
support.microsoft.com
94

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.285 Low

EPSS

Percentile

96.7%

Description of the security update for 2007 Microsoft Office Suite: May 9, 2017

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0254 and Microsoft Common Vulnerabilities and Exposures CVE-2017-0281.

Note To apply this security update, you must have the release version of Service Pack 3 for the 2007 Microsoft Office Suite installed on the computer.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: May 9, 2017.

Security update replacement information

This security update replaces security update.

File hash information

Package name Package hash SHA 1 Package hash SHA 2
riched202007-kb2596904-fullfile-x86-glb.exe 0561E4AA59DDF1B985DAF084EA330B41278E1BEC 9B97A3EE6CBCDF8B78A79FC7510D3F088AD4E2A2AB8D38D675C656665A7C2F35

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.

For all supported x86-based versions of 2007 Microsoft Office Suite

File identifier File name File version File size Date Time
riched20.dll_0001 riched20.dll 12.0.6768.5000 1,073,360 12-Apr-2017 10:38

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International SupportPropose a feature or provide feedback on Office Core: Office User Voice portal

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.285 Low

EPSS

Percentile

96.7%