CVE-2017-0022

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services (MSXML) versions in Windows 10 Gold, 1511, and 1607 Microsoft XML Core Services (MSXML) in Windows 7 SP1 Microsoft XML Core Services (MSXML) in Windows 8.1 Microsoft XML Core Services (MSXML) in Windows RT 8.1 Microsoft XML Core Services (MSXML) in Windows Server 2008 SP2 and R2 SP1 Microsoft XML Core Services (MSXML) in Windows Server 2012 Gold and R2 Microsoft XML Core Services (MSXML) in Windows Server 2016 Microsoft XML Core Services (MSXML) in Windows Vista SP2

Description The issue is related to the improper handling of objects in memory by Microsoft XML Core Services (MSXML) in Windows, allowing attackers to test for files on disk via a crafted web site. This can enable an attacker to obtain sensitive information. The exploitation of this issue can be done remotely.

Recommendations For Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows 7 SP1, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows 8.1, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows RT 8.1, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows Server 2008 SP2 and R2 SP1, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows Server 2012 Gold and R2, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows Server 2016, update to a version that properly handles objects in memory. For Microsoft XML Core Services (MSXML) in Windows Vista SP2, update to a version that properly handles objects in memory.