Microsoft Office CVE-2017-8570

Apply Microsoft's July 2017 Security Update for Office, which addresses CVE-2017-8570 across all affected versions (2007 SP3, 2010 SP2, 2013 SP1, 2016). Patches available through Windows Update, Microsoft Update Catalog, or the vendor advisory at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8570. For systems that cannot immediately patch, implement Protected View for all Office document sources (configured via Group Policy or Trust Center settings) to force documents into sandboxed read-only mode, though this reduces productivity and may be bypassed by users. Disable OLE package activation through registry modifications (HKEY_CURRENT_USER\Software\Microsoft\Office\[version]\[application]\Security\PackagerPrompt set to 2), which prevents automatic execution of embedded objects but may break legitimate documents containing embedded content. Email gateway filtering should block or quarantine Office documents with embedded Composite Moniker objects or remote OLE references. User awareness training should emphasize risks of opening Office documents from untrusted sources, though social engineering success rates make this a weak compensating control. Given the vulnerability's age and confirmed exploitation, patching remains the only reliable long-term mitigation.