CVE-2017-8570

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 through 2016

Description A remote code execution issue exists due to the way Microsoft Office handles objects in memory. This could allow a remote attacker to execute arbitrary code by using a specially crafted file. The exploitation requires a user to open the crafted file with an affected version of Microsoft Office. The issue is suspected to be exploited by the APT-C-43 (Machete) organization for information theft, particularly through spear-phishing techniques, targeting the military industry in Turkish, Korean, and American regions.

Recommendations For Microsoft Office versions 2007 through 2016, apply the official fix to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted files until the official patch is applied. Restrict access to sensitive areas of the software to minimize the risk of exploitation.