CVE-2017-0283

Name of the Vulnerable Software and Affected Versions Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 Gold, 1511, 1607 Windows Server 2016 Microsoft Office 2007 SP3 Microsoft Office 2010 SP2 Microsoft Office Word Viewer Microsoft Lync 2013 SP1 Skype for Business 2016 Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows Microsoft Silverlight 5 when installed on Microsoft Windows

Description The issue is related to the way Windows Uniscribe handles objects in memory, allowing a remote code execution. This could enable an attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Windows Server 2008 SP2 and R2 SP1, consider applying security updates to address the issue. For Windows 7 SP1, apply the latest security patches to mitigate the risk. For Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016, ensure all latest updates are installed. For Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, and Skype for Business 2016, apply the latest security updates. For Microsoft Silverlight 5 Developer Runtime and Microsoft Silverlight 5, ensure you have the latest version installed and consider disabling unnecessary features until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.