PT-2017-1874 · Microsoft · Windows +3

Published: 2017-04-11 · Updated: 2025-08-30 · CVE-2017-0199

CVSS v2.0: 9.3 (Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Name of the Vulnerable Software and Affected Versions:

Microsoft Office versions 2007 SP3 through 2016

Microsoft Windows versions Vista SP2 through 8.1

Windows Server 2008 SP2

Description:

The issue allows remote attackers to execute arbitrary code via a crafted document. This is related to insufficient access control in Microsoft Office and Windows. An attacker who successfully exploits this could take control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open or preview a specially crafted file with an affected version of Microsoft Office or WordPad.

Recommendations:

For Microsoft Office 2007 SP3, update to a newer version to mitigate the risk.

For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk.

For Microsoft Office 2013 SP1, update to a newer version to mitigate the risk.

For Microsoft Office 2016, update to a newer version to mitigate the risk.

For Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1, update to a newer version to mitigate the risk.

As a temporary workaround, avoid opening or previewing untrusted files in the affected software until the issue is resolved.

Restrict access to the vulnerable Microsoft Office and WordPad components to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2017-01034
CVE-2017-0199

Affected Products

Office
Windows
Windows Server
WordPad