Summary

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory when the engine is rendered in Internet Explorer. 

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. An attacker could also embed an ActiveX control that is marked "safe for initialization" in an application or Microsoft Office document that hosts the Internet Explorer rendering engine.

The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could be used to exploit this vulnerability. To learn more about the vulnerability, go to CVE-2017-0158.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

Security update deployment information: May 9, 2017

More Information

Help for installing updates: Windows Update FAQ Security solutions for IT professionals: TechNet Security Support and Troubleshooting Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure Local support according to your country: International Support

File Information

File name

SHA1 hash

SHA256 hash

Windows6.0-KB4020535-ia64.msu

AFC67EB5B999CEA6DB864E96AAF500B37052DC6D

D261C0ECD7F1BF65E80CAE652C3B90045A2EEBEF84940B05FCFD44D7B536B855

Windows6.0-KB4020535-x64.msu

496634612B501E502835FEECF16C825566AD1A50

5A1936AA781A1E6653D2E8B444B7AE79E9BCD48E828318B8139AF7EEBB308EA4

Windows6.0-KB4020535-x86.msu

C709FF70E54A4EF5D1CA248D54B676DD9CACA05F

3DBD6EC4E507098D7BFB43AC8FE90BD2565B9597CFE8DD4130ABF132B7E9FFE3

File information The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.Windows Server 2008 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

File name

File version

File size

Date

Time

Platform

Cdosys.dll

6.6.6002.24092

2,118,144

21-Apr-2017

15:17

IA-64

Msado60.tlb

6.0.6002.24092

73,728

21-Apr-2017

14:47

Not applicable

Msado15.dll

6.0.6002.19774

1,798,144

21-Apr-2017

15:46

IA-64

Msado15.dll

6.0.6002.24092

1,904,640

21-Apr-2017

15:18

IA-64

Cdosys.dll

6.6.6002.24092

805,888

21-Apr-2017

15:23

x86

Msado60.tlb

6.0.6002.24092

73,728

21-Apr-2017

14:42

Not applicable

Msado15.dll

6.0.6002.19774

708,608

21-Apr-2017

15:55

x86

Msado15.dll

6.0.6002.24092

737,280

21-Apr-2017

15:24

x86

File name

File version

File size

Date

Time

Platform

Cdosys.dll

6.6.6002.24092

1,151,488

21-Apr-2017

15:43

x64

Msado60.tlb

6.0.6002.24092

73,728

21-Apr-2017

15:07

Not applicable

Msado15.dll

6.0.6002.19774

974,848

21-Apr-2017

16:20

x64

Msado15.dll

6.0.6002.24092

1,036,288

21-Apr-2017

15:44

x64

Cdosys.dll

6.6.6002.24092

805,888

21-Apr-2017

15:23

x86

Msado60.tlb

6.0.6002.24092

73,728

21-Apr-2017

14:42

Not applicable

Msado15.dll

6.0.6002.19774

708,608

21-Apr-2017

15:55

x86

Msado15.dll

6.0.6002.24092

737,280

21-Apr-2017

15:24

x86

File name

File version

File size

Date

Time

Platform

Cdosys.dll

6.6.6002.24092

805,888

21-Apr-2017

15:23

x86

Msado60.tlb

6.0.6002.24092

73,728

21-Apr-2017

14:42

Not applicable

Msado15.dll

6.0.6002.19774

708,608

21-Apr-2017

15:55

x86

Msado15.dll

6.0.6002.24092

737,280

21-Apr-2017

15:24

x86

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.