CVE-2017-8570 | Microsoft Office - Microsoft Office Core Operational Intel

Executive Risk Summary

"A remote code execution vulnerability exists in Microsoft Office due to the way it handles objects in memory. This vulnerability can be exploited by an attacker to execute arbitrary code on the affected system."

Anticipated Attack Path

1. Initial Exploitation: Attacker sends a malicious Office file to the victim
2. Post-Exploitation: Malicious code is executed on the victim's system
3. Lateral Movement: Attacker gains access to sensitive data and potentially moves laterally within the network

Am I Vulnerable?

Verify that all Microsoft Office versions are up-to-date
Block all incoming and outgoing traffic on unused ports
Implement a robust email filtering solution to block malicious attachments

Operational Audit Arsenal

Target Type Process

Target Asset winword.exe

Standard Path C:\Program Files\Microsoft Office\Root\Office16

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: winword.exe (Process)
$Targets = 'winword.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Unlikely

Minimal disruption expected, as the patch only updates specific Office components

Internal Work Notes

Apply Microsoft Office security update to address CVE-2017-8570, ensuring all systems are running the latest version of Microsoft Office to prevent remote code execution attacks.

Technical Intelligence & Operational Utilities • Delivered Weekly