MS14-082: Vulnerabilities in Microsoft Office could allow remote code execution: December 9, 2014


Introduction


This security update resolves a vulnerability that could allow remote code execution or security feature bypass if a specially crafted file is opened in an affected edition of Microsoft Office.

Summary


Microsoft has released security bulletin MS14-082. Learn more about how to obtain the fixes that are included in this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More Information


Known issues and additional information about this security update

Known issues with this security update

  • After you install this security update, you may receive an error message that resembles any of the following when you insert a Forms ActiveX control (forms3) into an Office document, or when you edit the properties of a control:



    Visio cannot insert this control because its TypeInfo did not merge correctly. Ensure all parameter types are VBA friendly. Delete TEMP *.exd file if necessary.
    Object library invalid or contains references to object definitions that could not be found.
    OR
    Cannot insert object.
    OR
    The program used to create this object is Forms. That program is either not installed on your computer or it is not responding. To edit this object, install Forms or ensure that any dialog boxes in Forms are closed.
    Note In this error message, the Forms text may also be replaced by the GUID of the control.
For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base:
3025036  "Cannot insert object" error in an ActiveX custom Office solution after you install the MS14-082 security update


The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2726958 MS14-082: Description of the security update for Microsoft Office 2013: December 9, 2014
  • 2596927 MS14-082: Description of the security update for the 2007 Microsoft Office suite: December 9, 2014
  • 2553154 MS14-082: Description of the security update for Microsoft Office 2010: December 9, 2014

File hash information

Package NamePackage Hash SHA1Package Hash SHA2
fm202007-kb2596927-fullfile-x86-glb.exe7134AF5163B727606B0E03868F697AB74CA329AB0887BD5908DD8DAEA06D62A9F4D9432AAF30D5246F4B0008D774009107473D3A
fm202010-kb2553154-fullfile-x64-glb.exe982E1544DDF6A6E17B094F97DDBA654921699ECF002A7DFE06AB4014A0C3CE25F2D5ED7B22FBC983DF8312F670C09A04A1F1FECA
fm202010-kb2553154-fullfile-x86-glb.exeBDC5D2324C57DE891342E9818159DC0271F6F194623CBF110FD7094FD73B1C68052E156DB3DCE0855108D11A3BAE466E9B7DE1B5
fm202013-kb2726958-fullfile-x64-glb.exeEC8EEF578DD4FFEFB149D1E2AEAA12F4AC2710DC4949F0E35182AB9EAA38895D7397415FC2D943956F0D952957EFFF37D684F734
fm202013-kb2726958-fullfile-x86-glb.exe940E36421FFCC83756B96D950B92B2985D0896A19D3AA9840B81FA627EE4A3AE4F864505DA93C8AD3E0913E5B1BDACEF1E52E47E