Security Updates for Microsoft Word Products (December 2017)

High Nessus Plugin ID 105192

Synopsis

The Microsoft Word Products are affected by multiple vulnerabilities.

Description

The Microsoft Word Products are missing security updates. Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word. More information can be found in Microsoft Security Advisory 4053440.

Solution

Microsoft has released the following security updates to address this issue:
-KB4011590
-KB4011608
-KB4011614
-KB4011575

See Also

http://www.nessus.org/u?e17d43f2

http://www.nessus.org/u?4ceb21ee

http://www.nessus.org/u?82734374

http://www.nessus.org/u?affd3524

http://www.nessus.org/u?314d33a5

Plugin Details

Severity: High

ID: 105192

File Name: smb_nt_ms17_dec_word.nasl

Version: Revision: 1.2

Type: local

Agent: windows

Published: 2017/12/12

Modified: 2017/12/15

Dependencies: 13855, 27524, 57033

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:word

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2017/12/12

Vulnerability Publication Date: 2017/12/12

Reference Information

MSKB: 4011590, 4011608, 4011614, 4011575

MSFT: MS17-4011590, MS17-4011608, MS17-4011614, MS17-4011575

IAVA: 2017-A-0363