edit-icon download-icon

[Vulnerability notice] CVE-2017-8487: Microsoft Windows OLE remote code execution vulnerability

Last Updated: Mar 19, 2018

Microsoft announced the vulnerability CVE-2017-8487 on Patch Tuesday on June 13, 2017. Attackers can exploit this vulnerability to run arbitrary code in the context of the affected application, which may cause a denial of service.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-8487

Vulnerability name

Microsoft Windows OLE remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

Attackers can exploit this vulnerability to run arbitrary code in the context of the application, which may cause a denial of service.

Condition and method of exploitation

Remote exploitation.

Affected scope

  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows XP Embedded

Vulnerability detection

None

How to fix or mitigate

Do not run programs with the administrator privilege, and always run applications with minimal permissions. We recommend that you create a common account for each application and grant permissions to this account.

Install Microsoft updates as soon as possible. Alibaba Cloud users can download and install the patches by means of Windows Update or manually. Click to download.

Reference

[1]. https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003

Thank you! We've received your feedback.