MS15-022: Description of the security update for Office 2013: March 10, 2015

Applies to: Microsoft Office 2013 Service Pack 1

Introduction


This update resolves vulnerabilities in Microsoft Office that could allow remote code execution when an Office file that is located in the same network directory as a specially crafted library file is opened.

Improvements and fixes

This update contains the following improvements:
  • This update enables Office 2013 applications to call a service that delivers contextual messages for display in the applications.
  • This update uses the new registry entries that are provided by OneDrive to comply with the SkyDrive-to-OneDrive change.
  • Improves Customer Experience Improvement Program logs by including additional diagnostic/trouble-shooting information.


This update also contains fixes for the following nonsecurity issues:
  • When you share a link to a Word 2013, Excel 2013, or PowerPoint 2013 file through an instant message, the document URL is not sent in the message.
  • Several language strings are only partly localized and are grammatically incorrect on a SharePoint 2013 site.






  • You receive the entries from the nickname cache when you perform a search for people in Outlook 2013.
  • Outlook 2013 crashes if the download of a linked image is canceled.
  • After you install this update, when you start Outlook, the LinkedIn Outlook Social Connector add-in will not be loaded by default.
  • In a hybrid SharePoint environment, users cannot access both Office 365 SharePoint locations and SharePoint 2013 on-premises locations in the Open and Save As tabs of Office 2013 applications.

Summary


Microsoft has released security bulletin MS15-022. Learn more about how to obtain the fixes that are included in this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International support

More information about this security update

Download information

This update is available for download from the Microsoft Download Center.

Prerequisites to apply this security update

For Access Excel standalone only: To apply this security update, you must also install the following update:
2881035 Update 2881035 for Office 2013 June 10, 2014

Restart information

You may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart the computer.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.

Learn about why you may be prompted to restart your computer after you install a security update on a Windows-based computer.

Removal information

Note We do not recommend that you remove any security update.

To remove this security update, use the Add or Remove Programs item or the Programs and Features item in Control Panel.

Note When you remove this security update, you may be prompted to insert the disc that contains Microsoft Office. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or from the Programs and Features item in Control Panel. There are several possible causes for this issue.

Learn about the ability to uninstall Office updates .

Security update replacement information

This security update replaces security update 2878316.