CVE-2017-8528

Name of the Vulnerable Software and Affected Versions Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 Gold, 1511, 1607 Windows Server 2016 Microsoft Office 2007 SP3 Microsoft Office 2010 SP2

Description The issue is related to the way Uniscribe handles objects in memory, allowing a remote code execution. This could enable an attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Windows Server 2008 SP2 and R2 SP1, update the operating system to a newer version. For Windows 7 SP1, update the operating system to a newer version. For Windows 8.1, update the operating system to a newer version. For Windows Server 2012 Gold and R2, update the operating system to a newer version. For Windows RT 8.1, update the operating system to a newer version. For Windows 10 Gold, 1511, 1607, update the operating system to a newer version. For Windows Server 2016, update the operating system to a newer version. For Microsoft Office 2007 SP3, update Microsoft Office to a newer version. For Microsoft Office 2010 SP2, update Microsoft Office to a newer version.