CVE-2017-8527

Name of the Vulnerable Software and Affected Versions Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 versions 1511 through 1703 Windows Server 2016

Description The issue is related to the handling of objects in memory by the graphics component in Windows, which allows a remote code execution. This could enable an attacker to execute arbitrary code and affect the system. An attacker who successfully exploits this vulnerability could take control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative user rights.

Recommendations For Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Windows 7 SP1, update to a newer version to mitigate the risk. For Windows 8.1, update to a newer version to mitigate the risk. For Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Windows RT 8.1, update to a newer version to mitigate the risk. For Windows 10 versions 1511 through 1703, update to a newer version to mitigate the risk. For Windows Server 2016, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Windows font library to minimize the risk of exploitation.