MS-ISAC CYBERSECURITY ADVISORIES

MS-ISAC ADVISORY NUMBER:
2016-133

DATE(S) ISSUED:
09/13/2016

SUBJECT:
Multiple Vulnerabilities in Microsoft Office Could Allow For Remote Code Execution (MS16-107)

OVERVIEW:

Multiple vulnerabilities have been discovered in Microsoft Office, the most severe of which could result in remote code execution if the user opens a specifically crafted Microsoft Office file. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEM AFFECTED: