CVE-2017-0298

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT 8.1 Microsoft Windows 10 versions Gold, 1511, 1607, 1703 Microsoft Windows Server 2016

Description A DCOM object in Helppane.exe allows an authenticated attacker to run arbitrary code in another user's session when configured to run as the interactive user. This issue can also allow attackers to obtain sensitive information and affect the system.

Recommendations For Microsoft Windows Server 2008 SP2 and R2 SP1, update the system to prevent elevation of privilege. For Microsoft Windows 7 SP1, apply the recommended security patch to resolve the issue. For Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 versions Gold, 1511, 1607, 1703, and Windows Server 2016, consider restricting the use of Helppane.exe until a patch is available. As a temporary workaround, consider disabling the DCOM object in Helppane.exe to minimize the risk of exploitation.