CVE-2017-0063

Name of the Vulnerable Software and Affected Versions Windows versions prior to the fixed version

Description The issue is related to the Color Management Module (ICM32.dll) in Windows, which lacks protection of internal data. This can be exploited by a remote attacker through a crafted website, potentially allowing them to bypass security features and execute code, or cause a denial of service. The estimated number of potentially affected devices and details about real-world incidents are not specified.

Recommendations For Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1, update to a version that includes the fix for this issue. For Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the ICM32.dll module until a patch is available.