Security readout for executives and security teams
Plain-English summary
This is a high-severity Microsoft Excel remote code execution issue affecting Office 2010 SP2 and related Office Web Apps/SharePoint 2010 SP2 components. It requires user interaction, so business risk is highest where legacy Office 2010 content is still opened or processed.
Executive priority
Treat this as a legacy technology risk. Prioritize patch confirmation or retirement for any Office 2010, Office Web Apps 2010, or SharePoint 2010 SP2 assets that still process business documents.
Technical view
CVE-2020-17122 is scored CVSS 3.1 7.8 with local attack vector, low complexity, no privileges required, and user interaction required. Impact is high for confidentiality, integrity, and availability. Microsoft lists official remediation through its update guidance.
Likely exposure
Exposure is likely limited to environments still running Microsoft Office 2010 SP2, Office Web Apps 2010 SP2, or SharePoint Server 2010 SP2 components. Modern Office deployments are not listed in the provided affected set.
Exploitation context
The bundle does not indicate CISA KEV listing or confirmed active exploitation. CVSS exploit maturity is unproven. The vulnerability still matters because successful exploitation could allow code execution after required user interaction.
Researcher notes
The public bundle is sparse and does not include CWE, root cause, exploit mechanics, or detailed patch notes. Analysis should stay anchored to Microsoft’s advisory, CVSS vector, affected products, and the absence of KEV evidence.
Mitigation direction
Apply Microsoft security updates from the MSRC CVE-2020-17122 guidance.
Identify and retire affected Office 2010 and SharePoint 2010 SP2 deployments.
Restrict handling of untrusted Office documents on legacy systems.
Check Microsoft guidance for any product-specific remediation details.
Validation and detection
Inventory endpoints and servers for the affected Microsoft 2010 products.
Confirm MSRC-listed security updates are installed on affected systems.
Review mail, file-share, and web-processing paths involving legacy Office documents.
Document exceptions where unsupported legacy components remain in use.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
3Source links
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.