Detections
Analytics

Security Updates for Microsoft Word Products (December 2017)

high Nessus Plugin ID 105192

Language:

Synopsis

The Microsoft Word Products are affected by multiple vulnerabilities.

Description

The Microsoft Word Products are missing security updates. Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word. More information can be found in Microsoft Security Advisory 4053440.

Solution

Microsoft has released the following security updates to address this issue:
 -KB4011590
 -KB4011608
 -KB4011614
 -KB4011575

See Also

http://www.nessus.org/u?e17d43f2

http://www.nessus.org/u?4ceb21ee

http://www.nessus.org/u?82734374

http://www.nessus.org/u?affd3524

http://www.nessus.org/u?314d33a5

Plugin Details

Severity: High

ID: 105192

File Name: smb_nt_ms17_dec_word.nasl

Version: 1.3

Type: local

Agent: windows

Published: 12/12/2017

Updated: 2/20/2023

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:word

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 12/12/2017

Vulnerability Publication Date: 12/12/2017

Reference Information

IAVA: 2017-A-0363-S

MSFT: MS17-4011575, MS17-4011590, MS17-4011608, MS17-4011614

MSKB: 4011575, 4011590, 4011608, 4011614