Applies ToWindows 10 Windows 10, version 1511, all editions Windows Server 2012 R2 Datacenter Windows Server 2012 R2 Standard Windows Server 2012 R2 Essentials Windows Server 2012 R2 Foundation Windows 8.1 Enterprise Windows 8.1 Pro Windows 8.1 Windows RT 8.1 Windows Server 2012 Datacenter Windows Server 2012 Datacenter Windows Server 2012 Standard Windows Server 2012 Standard Windows Server 2012 Essentials Windows Server 2012 Foundation Windows Server 2012 Foundation Windows Server 2008 R2 Service Pack 1 Windows Server 2008 R2 Datacenter Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Standard Windows Server 2008 R2 Web Edition Windows Server 2008 R2 Foundation Windows 7 Service Pack 1 Windows 7 Ultimate Windows 7 Enterprise Windows 7 Professional Windows 7 Home Premium Windows 7 Home Basic Windows 7 Starter Windows Server 2008 Service Pack 2 Windows Server 2008 Datacenter Windows Server 2008 Enterprise Windows Server 2008 Standard Windows Server 2008 Web Edition Windows Server 2008 Foundation Windows Server 2008 for Itanium-Based Systems Windows Vista Service Pack 2 Windows Vista Ultimate Windows Vista Enterprise Windows Vista Business Windows Vista Home Premium Windows Vista Home Basic Windows Vista Starter Microsoft Office 2010 Service Pack 2 Lync 2010 Attendee Lync 2010 Microsoft Lync 2013 Skype for Business Skype for Business 2016 .NET Framework 3.5.1

Summary

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.To learn more about the vulnerability, see Microsoft Security Bulletin MS16-039.

More Information

Important

  • All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

  • 3114985 MS16-039: Description of the security update for Word Viewer: April 12, 2016

  • 3145739 MS16-039: Description of the security update for Windows Graphics Component: April 12, 2016

  • 3142042 MS16-039: Description of the security update for the .NET Framework 3.5.1 in Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: April 12, 2016

  • 3142043 MS16-039: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: April 12, 2016

  • 3142045 MS16-039: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: April 12, 2016

  • 3142041 MS16-039: Description of the security update for the .NET Framework 3.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: April 12, 2016

  • 3114960 MS16-039: Description of the security update for Skype for Business 2016: April 12, 2016

  • 3114566 MS16-039: Description of the security update for Office 2010: April 12, 2016Known issues in this security update

    • After you install this security update, you may receive an error message that resembles the following when you try to start an Office application:

      The Windows installer service could not be accessed.

      To resolve this problem, do one of the following:

      • Option 1 On systems that have update 3139923 installed, make sure that update 3072630 is also installed.

      • Option 2 Uninstall update 3139923.

  • 3114944 MS16-039: Description of the security update for Lync 2013 (Skype for Business): April 12, 2016

  • 3144427 MS16-039: Description of the security update for Lync 2010: April 12, 2016

  • 3144428 MS16-039: Description of the security update for Lync 2010 Attendee (user level install): April 12, 2016

  • 3144429 MS16-039: Description of the security update for Lync 2010 Attendee (admin level install): April 12, 2016

  • 3144432 MS16-039: Description of the security update for Live Meeting Console: April 12, 2016

  • 3144431 MS16-039: Description of the security update for Live Meeting Add-in: April 12, 2016

  • 3114542 MS16-039: Description of the security update for 2007 Microsoft Office Suite: April 12, 2016

  • 3147461 Cumulative Update for Windows 10: April 12, 2016

  • 3147458 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: April 12, 2016

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.Note For Windows RT 8.1, this update is available through Windows Update only.

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.Click the download link in Microsoft Security Bulletin MS16-039 that corresponds to the version of Windows that you are running.

More Information

Windows Vista (all editions)Reference tableThe following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Vista:Windows6.0-KB3145739-x86.msu

For Microsoft .NET Framework 3.0 Service Pack 2 when installed on all supported 32-bit editions of Windows Vista:Windows6.0-KB3142041-x86.msu

For all supported x64-based editions of Windows Vista:Windows6.0-KB3145739-x64.msu

For Microsoft .NET Framework 3.0 Service Pack 2 when installed on all supported x64-based editions of Windows Vista:Windows6.0-KB3142041-x64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Update log file

For Windows Vista:Not applicable

For Microsoft .NET Framework 3.0 Service Pack 2:Microsoft .NET Framework 3.0-KB3142041_*-msi0.txtMicrosoft .NET Framework 3.0-KB3142041_*.html

Restart requirement

For Windows Vista:Yes, you must restart your system after you apply this security update.

For Microsoft .NET Framework:This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

For Windows Vista: WUSA.exe does not support uninstalling updates. To uninstall an update that's installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

For Microsoft .NET Framework:Click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See Microsoft Knowledge Base article 3145739See Microsoft Knowledge Base article 3142041

Registry key verification

For Windows Vista: There is no registry key to validate the presence of this update.

For Microsoft .NET Framework 3.0 Service Pack 2:A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.

Windows Server 2008 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Server 2008:Windows6.0-KB3145739-x86.msu

For Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2:Windows6.0-KB3142041-x86.msu

For all supported x64-based editions of Windows Server 2008:Windows6.0-KB3145739-x64.msu

For Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2:Windows6.0-KB3142041-x64.msu

For all supported Itanium-based editions of Windows Server 2008:Windows6.0-KB3145739-ia64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Update log file

For Windows Server 2008:Not applicable

For Microsoft .NET Framework 3.0 Service Pack 2:Microsoft .NET Framework 3.0-KB3142041_*-msi0.txtMicrosoft .NET Framework 3.0-KB3142041_*.html

Restart requirement

For Windows Server 2008:Yes, you must restart your system after you apply this security update.

For Microsoft .NET Framework:This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

For Windows Server 2008: WUSA.exe does not support uninstalling updates. To uninstall an update that's installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

For Microsoft .NET Framework:Click Control Panel, and then click Security. Under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base article 3145739See Microsoft Knowledge Base article 3142041

Registry key verification

For Windows Server 2008: A registry key does not exist to validate the presence of this update.

For Microsoft .NET Framework 3.0 Service Pack 2:A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.

Windows 7 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 7:Windows6.1-KB3145739-x86.msu

For Microsoft .NET Framework 3.5.1 on all supported 32-bit editions of Windows 7 Service Pack 1:Windows6.1-KB3142042-x86.msu

For all supported x64-based editions of Windows 7:Windows6.1-KB3145739-x64.msu

For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows 7 Service Pack 1:Windows6.1-KB3142042-x64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Update log file

For Windows 7:Not applicable

For Microsoft .NET Framework 3.5.1:Not applicable.

Restart requirement

For Windows 7:Yes, you must restart your system after you apply this security update.

For Microsoft .NET Framework:This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

For Windows 7:To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

For Microsoft .NET Framework:Click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

File information

See Microsoft Knowledge Base article 3145739See Microsoft Knowledge Base article 3142042

Registry key verification

For Windows 7:A registry key does not exist to validate the presence of this update.

For Microsoft .NET Framework 3.5.1:A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.

Windows Server 2008 R2 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:Windows6.1-KB3145739-x64.msu

For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows Server 2008 R2 Service Pack 1:Windows6.1-KB3142042-x64.msu

For all supported Itanium-based editions of Windows Server 2008 R2:Windows6.1-KB3145739-ia64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Update log file

For Windows Server 2008 R2:Not applicable

For Microsoft .NET Framework 3.5.1:Not applicable

Restart requirement

For Windows Server 2008 R2:Yes, you must restart your system after you apply this security update.

For Microsoft .NET Framework:This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

For Windows Server 2008 R2:To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

For Microsoft .NET Framework:Click Control Panel, click System and Security, and click View installed updates under Windows Update, and then select from the list of updates.

File information

See Microsoft Knowledge Base article 3145739See Microsoft Knowledge Base article 3142042

Registry key verification

For Windows Server 2008 R2:A registry key does not exist to validate the presence of this update.

For Microsoft .NET Framework 3.5.1:A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update.

Windows 8.1 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 8.1:Windows8.1-KB3145739-x86.msu

For Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit Systems:Windows8.1-KB3142045-x86.msu

For all supported x64-based editions of Windows 8.1:Windows8.1-KB3145739-x64.msu

For Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based Systems:Windows8.1-KB3142045-x64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Restart requirement

For Windows 8.1:Yes, you must restart your system after you apply this security update.

For Microsoft .NET Framework:This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

For Windows 8.1:To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

For Microsoft .NET Framework:Click Control Panel, click System and Security, and then under Windows Update, click View update history and select from the list of updates.

File information

See Microsoft Knowledge Base article 3145739See Microsoft Knowledge Base article 3142045

Registry key verification

Registry keys do not exist to validate the presence of these updates.

Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:Windows8-RT-KB3145739-x64.msu

For Microsoft .NET Framework 3.5 on Windows Server 2012:Windows8-RT-KB3142043-x64.msu

For all supported editions of Windows Server 2012 R2:Windows8.1-KB3145739-x64.msu

For Microsoft .NET Framework 3.5 on Windows Server 2012 R2:Windows8.1-KB3142045-x64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Restart requirement

For Windows Server 2012 and Windows Server 2012 R2:Yes, you must restart your system after you apply this security update.

For Microsoft .NET Framework:This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal information

For Windows Server 2012 and Windows Server 2012 R2:To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates.

For Microsoft .NET Framework:Click Control Panel, click System and Security, and then under Windows Update, click View update history and select from the list of updates.

File information

See Microsoft Knowledge Base article 3145739See Microsoft Knowledge Base article 3142043See Microsoft Knowledge Base article 3142045

Registry key verification

Registry keys do not exist to validate the presence of these updates.

Windows RT 8.1 (all editions)Reference tableThe following table contains the security update information for this software.

Deployment

The 3145739 update is available via Windows Update only.

Restart Requirement

You must restart the system after you apply this security update.

Removal Information

Click Control Panel, click System and Security, click Windows Update, click Installed updates under See also, and then select from the list of updates.

File Information

See Microsoft Knowledge Base article 3145739

Windows 10 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 10:Windows10.0-KB3147461-x86.msu

For Microsoft .NET Framework 3.5 on all supported 32-bit editions of Windows 10:Windows10.0-KB3147461-x86.msu

For all supported x64-based editions of Windows 10:Windows10.0-KB3147461-x64.msu

For Microsoft .NET Framework 3.5 on all supported x64-based editions of Windows 10:Windows10.0-KB3147461-x64.msu

For all supported 32-bit editions of Windows 10 Version 1511:Windows10.0-KB3147458-x86.msu

For Microsoft .NET Framework 3.5 on all supported 32-bit editions of Windows 10 version 1511:Windows10.0-KB3147461-x86.msu

For all supported x64-based editions of Windows 10 Version 1511:Windows10.0-KB3147458-x64.msu

For Microsoft .NET Framework 3.5 on all supported x64-based editions of Windows 10 Version 1511:Windows10.0-KB3147461-x64.msu

Installation switches

For Microsoft Windows, see Microsoft Knowledge Base article 934307

For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699

Restart requirement

You must restart your system after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base article 3147461

Registry key verification

Registry keys do not exist to validate the presence of these updates.

Microsoft Word Viewer (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For Microsoft Word Viewer:office2003-kb3114985-fullfile-enu.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 3114985

Registry key verification

Not applicable

Microsoft Office 2007 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported editions of Microsoft Office 2007:ogl2007-kb3114542-fullfile-x86-glb.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 3114542

Registry key verification

Not applicable

Microsoft Office 2010 (all editions)Reference tableThe following table contains the security update information for this software.

Security update file name

For all supported editions of Microsoft Office 2010 (32-bit editions):ogl2010-kb3114566-fullfile-x86-glb.exe

For all supported editions of Microsoft Office 2010 (64-bit editions):ogl2010-kb3114566-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 3114566

Registry key verification

Not applicable

Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), and Microsoft Lync Basic 2013 (Skype for Business Basic)Reference tableThe following table contains the security update information for this software.

Security update file name

For Microsoft Live Meeting 2007 Console (3144432):LMSetup.exe

For Microsoft Lync 2010 (32-bit) (3144427):lync.msp

For Microsoft Lync 2010 (64-bit) (3144427):lync.msp

For Microsoft Lync 2010 Attendee (user level install) (3144428):AttendeeUser.msp

For Microsoft Lync 2010 Attendee (admin level install) (3144429):AttendeeAdmin.msp

For all supported editions of Microsoft Lync 2013 (Skype for Business) (32-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (32-bit):lync2013-kb3114944-fullfile-x86-glb.exe

For all supported editions of Microsoft Lync 2013 (Skype for Business) (64-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (64-bit):lync2013-kb3114944-fullfile-x64-glb.exe

For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:lync2016-kb3114960-fullfile-x86-glb.exe

For all supported 64-bit editions of Skype for Business Basic 2016:lync2016-kb3114960-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Removal Information

Use Add or Remove Programs item in Control Panel.

File Information

For Microsoft Live Meeting 2007 Console:See Microsoft Knowledge Base article 3144432

For all supported editions of Microsoft Lync 2010:See Microsoft Knowledge Base article 3144427

For Microsoft Lync 2010 Attendee (user level install):See Microsoft Knowledge Base article 3144428

For Microsoft Lync 2010 Attendee (admin level install):See Microsoft Knowledge Base article 3144429

For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):See Microsoft Knowledge Base article 3114944

For Skype for Business 2016 and Skype for Business Basic 2016:See Microsoft Knowledge Base article 3114960

Registry Key Verification

For Microsoft Live Meeting 2007 Console:Not applicable

For Microsoft Lync 2010 (32-bit):HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}Version = 7577.4498

For Microsoft Lync 2010 (64-bit):HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}Version = 7577.4498

For Microsoft Lync 2010 Attendee (user level install):HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}Version = 7577.4498

For Microsoft Lync 2010 Attendee (admin level install):HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577.4498

For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):Not applicable

For Skype for Business 2016 and Skype for Business Basic 2016:Not applicable

Help for installing updates: Support for Microsoft UpdateSecurity solutions for IT professionals: TechNet Security Troubleshooting and SupportHelp for protecting your Windows-based computer from viruses and malware: Virus Solution and Security CenterLocal support according to your country: International Support

需要更多帮助?

需要更多选项?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.