
[Vulnerability notice] CVE-2017-8528: Microsoft Windows Uniscribe remote code execution vulnerability

Last Updated: Mar 19, 2018

Microsoft announced the vulnerability CVE-2017-8528 on Patch Tuesday, June 13, 2017. An attacker can exploit this vulnerability by convincing an unsuspecting victim to open a malicious file or webpage, which results in remote execution of arbitrary code.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-8528

Vulnerability name

Microsoft Windows Uniscribe remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

An attacker can exploit this vulnerability by convincing an unsuspecting victim to open a malicious file or webpage, which results in remote execution of arbitrary code. A successful exploit allows the attacker to take full control of the affected system.

Condition and method of exploitation

Remote exploitation.

Affected scope

Desktop operating systems and software:

  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1

Server operating systems:

  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems R2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2

Vulnerability detection

None

How to fix or mitigate

Install the Microsoft patches as soon as possible. Alibaba Cloud users can install the patches through Windows Update, or download and install them manually. The download URL is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528.

Reference

[1]. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528
