Rapid7 Vulnerability & Exploit Database

Microsoft ADV170005: Defense-in-Depth Update for Microsoft Office

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft ADV170005: Defense-in-Depth Update for Microsoft Office

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/11/2017
Created
08/24/2019
Added
08/23/2019
Modified
08/23/2019

Description

Microsoft has released an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released. Microsoft strongly recommends against turning on the EPS filter at this time, however customers who need to turn on the EPS filter can reference KB Article 2479871.

Solution(s)

  • msft-kb3141538-2eda1995-af50-4493-81b3-6027b20986ad
  • msft-kb3141538-6be5e673-e3f6-4c8e-8834-732baf0eb5d3
  • msft-kb3178710-6a1d765c-2972-4a39-b223-c4bba198e659
  • msft-kb3178710-7ff87282-40e2-4090-aa68-2c844f03885e

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;