Summary
This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.Microsoft Security Bulletin MS16-039.
To learn more about the vulnerability, seeMore Information
Important
-
All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
-
If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Additional information about this security update
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.
-
3114985 MS16-039: Description of the security update for Word Viewer: April 12, 2016
-
3145739 MS16-039: Description of the security update for Windows Graphics Component: April 12, 2016
-
3142042 MS16-039: Description of the security update for the .NET Framework 3.5.1 in Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: April 12, 2016
-
3142043 MS16-039: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: April 12, 2016
-
3142045 MS16-039: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: April 12, 2016
-
3142041 MS16-039: Description of the security update for the .NET Framework 3.0 Service Pack 2 in Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: April 12, 2016
-
3114960 MS16-039: Description of the security update for Skype for Business 2016: April 12, 2016
-
3114566 MS16-039: Description of the security update for Office 2010: April 12, 2016 Known issues in this security update
-
After you install this security update, you may receive an error message that resembles the following when you try to start an Office application:
The Windows installer service could not be accessed.
-
-
3114944 MS16-039: Description of the security update for Lync 2013 (Skype for Business): April 12, 2016
-
3144427 MS16-039: Description of the security update for Lync 2010: April 12, 2016
-
3144428 MS16-039: Description of the security update for Lync 2010 Attendee (user level install): April 12, 2016
-
3144429 MS16-039: Description of the security update for Lync 2010 Attendee (admin level install): April 12, 2016
-
3144432 MS16-039: Description of the security update for Live Meeting Console: April 12, 2016
-
3144431 MS16-039: Description of the security update for Live Meeting Add-in: April 12, 2016
-
3114542 MS16-039: Description of the security update for 2007 Microsoft Office Suite: April 12, 2016
-
3147461 Cumulative Update for Windows 10: April 12, 2016
-
3147458 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: April 12, 2016
How to obtain and install the update
Method 1: Windows Update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically. Note For Windows RT 8.1, this update is available through Windows Update only.
You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.Microsoft Security Bulletin MS16-039 that corresponds to the version of Windows that you are running.
Click the download link inMore Information
Windows Vista (all editions)Reference table
The following table contains the security update information for this software.
Security update file names |
For all supported 32-bit editions of Windows Vista: Windows6.0-KB3145739-x86.msu |
For Microsoft .NET Framework 3.0 Service Pack 2 when installed on all supported 32-bit editions of Windows Vista: Windows6.0-KB3142041-x86.msu |
|
For all supported x64-based editions of Windows Vista: Windows6.0-KB3145739-x64.msu |
|
For Microsoft .NET Framework 3.0 Service Pack 2 when installed on all supported x64-based editions of Windows Vista: Windows6.0-KB3142041-x64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Update log file |
For Windows Vista: Not applicable |
For Microsoft .NET Framework 3.0 Service Pack 2: Microsoft .NET Framework 3.0-KB3142041_*-msi0.txt Microsoft .NET Framework 3.0-KB3142041_*.html |
|
Restart requirement |
For Windows Vista: Yes, you must restart your system after you apply this security update. |
For Microsoft .NET Framework: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. |
|
Removal information |
For Windows Vista: WUSA.exe does not support uninstalling updates. To uninstall an update that's installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
For Microsoft .NET Framework: Click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
|
File information |
See Microsoft Knowledge Base article 3145739 See Microsoft Knowledge Base article 3142041 |
Registry key verification |
For Windows Vista: There is no registry key to validate the presence of this update. |
For Microsoft .NET Framework 3.0 Service Pack 2: A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. |
Windows Server 2008 (all editions)Reference table
The following table contains the security update information for this software.
Security update file names |
For all supported 32-bit editions of Windows Server 2008: Windows6.0-KB3145739-x86.msu |
For Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2: Windows6.0-KB3142041-x86.msu |
|
For all supported x64-based editions of Windows Server 2008: Windows6.0-KB3145739-x64.msu |
|
For Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2: Windows6.0-KB3142041-x64.msu |
|
For all supported Itanium-based editions of Windows Server 2008: Windows6.0-KB3145739-ia64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Update log file |
For Windows Server 2008: Not applicable |
For Microsoft .NET Framework 3.0 Service Pack 2: Microsoft .NET Framework 3.0-KB3142041_*-msi0.txt Microsoft .NET Framework 3.0-KB3142041_*.html |
|
Restart requirement |
For Windows Server 2008: Yes, you must restart your system after you apply this security update. |
For Microsoft .NET Framework: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. |
|
Removal information |
For Windows Server 2008: WUSA.exe does not support uninstalling updates. To uninstall an update that's installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates. |
For Microsoft .NET Framework: Click Control Panel, and then click Security. Under Windows Update, click View installed updates, and select from the list of updates. |
|
File information |
See Microsoft Knowledge Base article 3145739 See Microsoft Knowledge Base article 3142041 |
Registry key verification |
For Windows Server 2008: A registry key does not exist to validate the presence of this update. |
For Microsoft .NET Framework 3.0 Service Pack 2: A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. |
Windows 7 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported 32-bit editions of Windows 7: Windows6.1-KB3145739-x86.msu |
For Microsoft .NET Framework 3.5.1 on all supported 32-bit editions of Windows 7 Service Pack 1: Windows6.1-KB3142042-x86.msu |
|
For all supported x64-based editions of Windows 7: Windows6.1-KB3145739-x64.msu |
|
For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows 7 Service Pack 1: Windows6.1-KB3142042-x64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Update log file |
For Windows 7: Not applicable |
For Microsoft .NET Framework 3.5.1: Not applicable. |
|
Restart requirement |
For Windows 7: Yes, you must restart your system after you apply this security update. |
For Microsoft .NET Framework: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. |
|
Removal information |
For Windows 7: To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates. |
For Microsoft .NET Framework: Click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates. |
|
File information |
See Microsoft Knowledge Base article 3145739 See Microsoft Knowledge Base article 3142042 |
Registry key verification |
For Windows 7: A registry key does not exist to validate the presence of this update. |
For Microsoft .NET Framework 3.5.1: A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. |
Windows Server 2008 R2 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported x64-based editions of Windows Server 2008 R2: Windows6.1-KB3145739-x64.msu |
For Microsoft .NET Framework 3.5.1 on all supported x64-based editions of Windows Server 2008 R2 Service Pack 1: Windows6.1-KB3142042-x64.msu |
|
For all supported Itanium-based editions of Windows Server 2008 R2: Windows6.1-KB3145739-ia64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Update log file |
For Windows Server 2008 R2: Not applicable |
For Microsoft .NET Framework 3.5.1: Not applicable |
|
Restart requirement |
For Windows Server 2008 R2: Yes, you must restart your system after you apply this security update. |
For Microsoft .NET Framework: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. |
|
Removal information |
For Windows Server 2008 R2: To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates. |
For Microsoft .NET Framework: Click Control Panel, click System and Security, and click View installed updates under Windows Update, and then select from the list of updates. |
|
File information |
See Microsoft Knowledge Base article 3145739 See Microsoft Knowledge Base article 3142042 |
Registry key verification |
For Windows Server 2008 R2: A registry key does not exist to validate the presence of this update. |
For Microsoft .NET Framework 3.5.1: A registry key does not exist to validate the presence of this update. Use WMI to detect for the presence of this update. |
Windows 8.1 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported 32-bit editions of Windows 8.1: Windows8.1-KB3145739-x86.msu |
For Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit Systems: Windows8.1-KB3142045-x86.msu |
|
For all supported x64-based editions of Windows 8.1: Windows8.1-KB3145739-x64.msu |
|
For Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based Systems: Windows8.1-KB3142045-x64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Restart requirement |
For Windows 8.1: Yes, you must restart your system after you apply this security update. |
For Microsoft .NET Framework: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. |
|
Removal information |
For Windows 8.1: To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates. |
For Microsoft .NET Framework: Click Control Panel, click System and Security, and then under Windows Update, click View update history and select from the list of updates. |
|
File information |
See Microsoft Knowledge Base article 3145739 See Microsoft Knowledge Base article 3142045 |
Registry key verification |
Registry keys do not exist to validate the presence of these updates. |
Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported editions of Windows Server 2012: Windows8-RT-KB3145739-x64.msu |
For Microsoft .NET Framework 3.5 on Windows Server 2012: Windows8-RT-KB3142043-x64.msu |
|
For all supported editions of Windows Server 2012 R2: Windows8.1-KB3145739-x64.msu |
|
For Microsoft .NET Framework 3.5 on Windows Server 2012 R2: Windows8.1-KB3142045-x64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Restart requirement |
For Windows Server 2012 and Windows Server 2012 R2: Yes, you must restart your system after you apply this security update. |
For Microsoft .NET Framework: This update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. |
|
Removal information |
For Windows Server 2012 and Windows Server 2012 R2: To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click View installed updates under Windows Update, and then select from the list of updates. |
For Microsoft .NET Framework: Click Control Panel, click System and Security, and then under Windows Update, click View update history and select from the list of updates. |
|
File information |
See Microsoft Knowledge Base article 3145739 See Microsoft Knowledge Base article 3142043 See Microsoft Knowledge Base article 3142045 |
Registry key verification |
Registry keys do not exist to validate the presence of these updates. |
Windows RT 8.1 (all editions)Reference table
The following table contains the security update information for this software.
Deployment |
The 3145739 update is available via Windows Update only. |
Restart Requirement |
You must restart the system after you apply this security update. |
Removal Information |
Click Control Panel, click System and Security, click Windows Update, click Installed updates under See also, and then select from the list of updates. |
File Information |
Windows 10 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported 32-bit editions of Windows 10: Windows10.0-KB3147461-x86.msu |
For Microsoft .NET Framework 3.5 on all supported 32-bit editions of Windows 10: Windows10.0-KB3147461-x86.msu |
|
For all supported x64-based editions of Windows 10: Windows10.0-KB3147461-x64.msu |
|
For Microsoft .NET Framework 3.5 on all supported x64-based editions of Windows 10: Windows10.0-KB3147461-x64.msu |
|
For all supported 32-bit editions of Windows 10 Version 1511: Windows10.0-KB3147458-x86.msu |
|
For Microsoft .NET Framework 3.5 on all supported 32-bit editions of Windows 10 version 1511: Windows10.0-KB3147461-x86.msu |
|
For all supported x64-based editions of Windows 10 Version 1511: Windows10.0-KB3147458-x64.msu |
|
For Microsoft .NET Framework 3.5 on all supported x64-based editions of Windows 10 Version 1511: Windows10.0-KB3147461-x64.msu |
|
Installation switches |
For Microsoft Windows, see Microsoft Knowledge Base article 934307 |
For Microsoft .NET Framework, see Microsoft Knowledge Base article 2844699 |
|
Restart requirement |
You must restart your system after you apply this security update. |
Removal information |
To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates. |
File information |
|
Registry key verification |
Registry keys do not exist to validate the presence of these updates. |
Microsoft Word Viewer (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For Microsoft Word Viewer: office2003-kb3114985-fullfile-enu.exe |
Installation switches |
|
Restart requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. Microsoft Knowledge Base article 887012. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see |
Removal information |
Use Add or Remove Programs item in Control Panel. |
File information |
|
Registry key verification |
Not applicable |
Microsoft Office 2007 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported editions of Microsoft Office 2007: ogl2007-kb3114542-fullfile-x86-glb.exe |
Installation switches |
|
Restart requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. Microsoft Knowledge Base Article 887012. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see |
Removal information |
Use Add or Remove Programs item in Control Panel. |
File information |
|
Registry key verification |
Not applicable |
Microsoft Office 2010 (all editions)Reference table
The following table contains the security update information for this software.
Security update file name |
For all supported editions of Microsoft Office 2010 (32-bit editions): ogl2010-kb3114566-fullfile-x86-glb.exe |
For all supported editions of Microsoft Office 2010 (64-bit editions): ogl2010-kb3114566-fullfile-x64-glb.exe |
|
Installation switches |
|
Restart requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. Microsoft Knowledge Base article 887012. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see |
Removal information |
Use Add or Remove Programs item in Control Panel. |
File information |
|
Registry key verification |
Not applicable |
Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), and Microsoft Lync Basic 2013 (Skype for Business Basic)Reference table
The following table contains the security update information for this software.
Security update file name |
For Microsoft Live Meeting 2007 Console (3144432): LMSetup.exe |
For Microsoft Lync 2010 (32-bit) (3144427): lync.msp |
|
For Microsoft Lync 2010 (64-bit) (3144427): lync.msp |
|
For Microsoft Lync 2010 Attendee (user level install) (3144428): AttendeeUser.msp |
|
For Microsoft Lync 2010 Attendee (admin level install) (3144429): AttendeeAdmin.msp |
|
For all supported editions of Microsoft Lync 2013 (Skype for Business) (32-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (32-bit): lync2013-kb3114944-fullfile-x86-glb.exe |
|
For all supported editions of Microsoft Lync 2013 (Skype for Business) (64-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (64-bit): lync2013-kb3114944-fullfile-x64-glb.exe |
|
For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016: lync2016-kb3114960-fullfile-x86-glb.exe |
|
For all supported 64-bit editions of Skype for Business Basic 2016: lync2016-kb3114960-fullfile-x64-glb.exe |
|
Installation switches |
|
Restart requirement |
In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. Microsoft Knowledge Base article 887012. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see |
Removal Information |
Use Add or Remove Programs item in Control Panel. |
File Information |
For Microsoft Live Meeting 2007 Console:Microsoft Knowledge Base article 3144432 See |
For all supported editions of Microsoft Lync 2010:Microsoft Knowledge Base article 3144427 See |
|
For Microsoft Lync 2010 Attendee (user level install):Microsoft Knowledge Base article 3144428 See |
|
For Microsoft Lync 2010 Attendee (admin level install):Microsoft Knowledge Base article 3144429 See |
|
For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):Microsoft Knowledge Base article 3114944 See |
|
For Skype for Business 2016 and Skype for Business Basic 2016:Microsoft Knowledge Base article 3114960 See |
|
Registry Key Verification |
For Microsoft Live Meeting 2007 Console: Not applicable |
For Microsoft Lync 2010 (32-bit): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} Version = 7577.4498 |
|
For Microsoft Lync 2010 (64-bit): HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} Version = 7577.4498 |
|
For Microsoft Lync 2010 Attendee (user level install): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} Version = 7577.4498 |
|
For Microsoft Lync 2010 Attendee (admin level install): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577.4498 |
|
For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic): Not applicable |
|
For Skype for Business 2016 and Skype for Business Basic 2016: Not applicable |
Help for installing updates: Support for Microsoft Update Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center Local support according to your country: International Support