CVE-2017-0014

Name of the Vulnerable Software and Affected Versions Microsoft Office 2010 SP2 Windows Server 2008 R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 versions Gold, 1511, and 1607 Windows Server 2016

Description The issue is related to insufficient access control in the Windows Graphics Component, which can be exploited by a remote attacker to execute arbitrary code via a specially crafted web site. This can allow the attacker to take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Office 2010 SP2, update to a version that includes the fix for this issue. For Windows Server 2008 R2 SP1, apply the recommended security update. For Windows 7 SP1, install the latest security patch. For Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 versions Gold, 1511, and 1607, and Windows Server 2016, apply the respective security updates to resolve the issue. As a temporary workaround, consider restricting access to the Windows Graphics Component until a patch is available.