ADV170005

Published: 11 Apr. 2017
Source: msrc

Description

Defense-in-Depth Update for Microsoft Office

Microsoft has released an update for Microsoft Office that turns off, by default, the Encapsulated PostScript (EPS) Filter in Office as a defense-in-depth measure. Microsoft is aware of limited targeted attacks that could leverage an unpatched vulnerability in the EPS filter and is taking this action to help reduce customer risk until the security update is released.

Microsoft strongly recommends against turning on the EPS filter at this time; however, customers who need to turn on the EPS filter can reference KB Article 2479871.

Mitigations

The following mitigating factors may be helpful for customers who need to re-enable the EPS filter:

This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a website that contains an Office file containing a specially crafted EPS image that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link that takes them to the attacker's site, and then convince the user to open the file in an affected Microsoft Office application.

There is no way for an attacker to force a user to open a specially crafted file in order for the vulnerability to be exploited.

Updates

Product | Article | Update
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
-
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)

Exploitability

Publicly Disclosed: No
Exploited: Yes
Latest Software Release: Exploitation Detected
Older Software Release: Exploitation Detected