Microsoft released security updates that resolve vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. The following updates were released in September 2017:
CVE-2017-8676: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.
CVE-2017-8695: An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
CVE-2017-8696: A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
KB Articles associated with this update:
3213568, 4011040, 4011107, 4025865, 4025866, 4025867
Successful exploitation allows an attacker to execute arbitrary code and bypass security restrictions to gain access to sensitive information.