Security Updates for Microsoft Word Products (December 2017)

High Nessus Plugin ID 105192


The Microsoft Word Products are affected by multiple vulnerabilities.


The Microsoft Word Products are missing security updates. Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word. More information can be found in Microsoft Security Advisory 4053440.


Microsoft has released the following security updates to address this issue:

See Also

Plugin Details

Severity: High

ID: 105192

File Name: smb_nt_ms17_dec_word.nasl

Version: Revision: 1.2

Type: local

Agent: windows

Published: 2017/12/12

Modified: 2017/12/15

Dependencies: 13855, 27524, 57033

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:word

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2017/12/12

Vulnerability Publication Date: 2017/12/12

Reference Information

MSKB: 4011590, 4011608, 4011614, 4011575

MSFT: MS17-4011590, MS17-4011608, MS17-4011614, MS17-4011575

IAVA: 2017-A-0363