MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: April 8, 2014

Introduction

This update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.

Summary

Microsoft has released security bulletin MS14-017. Learn more about how to obtain the fixes included in this security bulletin: To have us fix this problem for you, go to the "Fix it for me" section.

Fix it for me

The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, go to the following Microsoft Security Advisory webpage: The advisory provides more information about the issue. This includes the following:
  • The scenarios in which you might apply or disable the workaround.
  • How to manually apply the workaround.
Specifically, to see this information, expand the Suggested actions section, and then expand the Workarounds section.


To enable or disable this Fix it solution, click the Fix it button or link under the Enable this fix it heading or under the Disable this fix it heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

Disable opening RTF content in Microsoft Word

Enable this fix itDisable this fix it

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2878303 MS14-017: Description of the security update for Word 2003: April 8, 2014

    The following are the known issues in security update 2878303. For more information about these known issues, see security update 2878303.
  • 2878237 MS14-017: Description of the security update for Word 2007: April 8, 2014
  • 2863926 MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014
  • 2863919 MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014
  • 2863910 MS14-017: Description of the security update for Office 2013 and Office 2013 RT: April 8, 2014
  • 2939132 MS14-017: Description of the Microsoft Office for Mac 2011 14.4.1 Update: April 8, 2014
  • 2878304 MS14-017: Description of the security update for Word Viewer: April 8, 2014
  • 2878236 MS14-017: Description of the security update for the Office Compatibility Pack: April 8, 2014
  • 2863907 MS14-017: Description of the security update for Word Automation Services in Microsoft SharePoint Server 2013: April 8, 2014
  • 2878220 MS14-017: Description of the security update for Word Automation Services in SharePoint Server 2010: April 8, 2014
  • 2878221 MS14-017: Description of the security update for Word Web Apps: April 8, 2014
  • 2878219 MS14-017: Description of the security update for Office Web Apps Server 2013: April 8, 2014

    The following are the known issues in security update 2878219. For more information about these known issues, see security update 2878219.

    • This security update may fail to install on a computer that is running Microsoft Web Apps Server 2013 if the computer also has Office 2013 Service Pack 1 (SP1) installed. Microsoft is researching this problem. We will post more information in this article when the information becomes available.
File hash information
Properties

Article ID: 2949660 - Last Review: Apr 8, 2014 - Revision: 1

Feedback