CVE-2017-8710

Name of the Vulnerable Software and Affected Versions Microsoft Windows 7 SP1 Windows Server 2008 SP2 Windows Server 2008 R2 SP1

Description The issue allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity. This can enable attackers to obtain sensitive information and affect the system.

Recommendations For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Windows Server 2008 SP2, update to a version that includes the fix for this issue. For Windows Server 2008 R2 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Microsoft Common Console Document (.msc) to minimize the risk of exploitation.