Security Advisory - January 10, 2017

Zscaler protects against 1 new vulnerability for Microsoft Office.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 1 vulnerability included in the January 2017 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary. 

MS17-002 – Security Update for Microsoft Office

This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The security update addresses the vulnerability by correcting how affected versions of Office and Office components handle objects in memory. 

Severity: Critical

Affected Software

  • Microsoft Office 2016
  • Microsoft SharePoint Enterprise Server 2016

CVE-2017-0003 – Internet Explorer Memory Corruption Vulnerability