Security Updates for Outlook (September 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The version of Outlook installed on the remote host is affected by multiple vulnerabilities.

Description :

The version of Microsoft Outlook installed on the remote host
is missing security updates. It is, therefore, affected by
multiple vulnerabilities :

- A remote code execution vulnerability exists in the
way that Microsoft Outlook parses specially crafted
email messages. An attacker who successfully exploited
the vulnerability could take control of an affected
system to then install programs; view, change, or
delete data; or create new accounts with full user
rights. (CVE-2017-0106)

- A security feature bypass vulnerability exists in
Microsoft Office software when it improperly handles the
parsing of file formats. To exploit the vulnerability,
an attacker would have to convince a user to open a
specially crafted file. (CVE-2017-0204)

- A remote code execution vulnerability exists when
Microsoft Office improperly validates input before
loading dynamic link library (DLL) files. An attacker
who successfully exploited this vulnerability could take
control of an affected system to then install programs;
view, change, or delete data; or create new accounts
with full user rights. (CVE-2017-8506)

- A remote code execution vulnerability exists in the way
that Microsoft Outlook parses specially crafted email
messages. An attacker who successfully exploited this
vulnerability could take control of an affected system.
(CVE-2017-8507)

- A security feature bypass vulnerability exists in
Microsoft Office software when it improperly handles the
parsing of file formats. (CVE-2017-8508)

- A security feature bypass vulnerability exists when
Microsoft Office Outlook improperly handles input.
An attacker who successfully exploited the vulnerability
could execute arbitrary commands. (CVE-2017-8571)

- An information disclosure vulnerability exists when
Microsoft Outlook fails to properly validate
authentication requests. (CVE-2017-8572)

- A remote code execution vulnerability exists in the way
that Microsoft Outlook parses specially crafted email
messages. An attacker who successfully exploited the
vulnerability could take control of an affected system.
(CVE-2017-8663)

See also :

http://www.nessus.org/u?8ac9b313
http://www.nessus.org/u?8f4ab525
http://www.nessus.org/u?16a66c3d
http://www.nessus.org/u?e5d09682
http://www.nessus.org/u?92c027cb

Solution :

Microsoft has released a set of patches for Outlook 2007, 2010, 2013,
and 2016.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
