Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Microsoft Office security update

From: Canadian Centre for Cyber Security

Number: AV17-177
Date: 29 November 2017

Purpose

The purpose of this advisory is to bring attention to a recent security update for Microsoft Office.

Assessment

CCIRC is aware of a critical vulnerability in Microsoft Office.  Exploitation of this vulnerability may allow for remote code execution.

Affected Versions: 

  • Microsoft Office 2010 Service Pack 2 (32-bit editions) 
  • Microsoft Office 2010 Service Pack 2 (64-bit editions) 
  • Microsoft Office 2013 Service Pack 1 (32-bit editions) 
  • Microsoft Office 2013 Service Pack 1 (64-bit editions)  
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition) 
  • Microsoft Office 2007 Service Pack 3

CVE Reference: CVE-2017-11882

Suggested Action

CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

Date modified: