Microsoft announced the vulnerability CVE-2017-8487 on Patch Tuesday on June 13, 2017. Attackers can exploit this vulnerability to run arbitrary code in the context of the affected application, which may cause a denial of service.
See the following for more information about the vulnerability.
CVE identifier
CVE-2017-8487
Vulnerability name
Microsoft Windows OLE remote code execution vulnerability
Vulnerability rating
High
Vulnerability description
Attackers can exploit this vulnerability to run arbitrary code in the context of the application, which may cause a denial of service.
Condition and method of exploitation
Remote exploitation.
Affected scope
- Microsoft Windows Server 2003
- Microsoft Windows XP
- Microsoft Windows XP Embedded
Vulnerability detection
None
How to fix or mitigate
Do not run programs with the administrator privilege, and always run applications with minimal permissions. We recommend that you create a common account for each application and grant permissions to this account.
Install Microsoft updates as soon as possible. Alibaba Cloud users can download and install the patches by means of Windows Update or manually. Click to download.
Reference