MS15-099: Description of the security update for Excel 2013: September 8, 2015

Si applica a: Microsoft Office 2013 Service Pack 1Excel 2013


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-099.

Note To apply this security update, you must have the release version of Service Pack 1 for Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see KB3089664 .

Improvements and fixes

  • Enables single sign-on (SSO) for ADAL on cloud domain-joined computers. On cloud domain-joined computer that has Modern Authentication enabled, domain accounts seem to be logged in but can't open files.

  • Selecting an icon set for a KPI in PowerPivot is ignored in Excel 2013.
  • This update also contains fixes for the following nonsecurity issues:
    • Consider the following scenario:
      • You add an ActiveX combo box control or an ActiveX list box control to a workbook in Excel 2010.
      • The ListFillRange property of the control refers to the data of another worksheet in the workbook.
      • You zoom the views of both worksheets to different zoom factors other than 100%.
      • You try to change the selection of the combo box control or the list box control.
      In this scenario, you may receive the following error message:
      Not enough system resources to display completely.
    • Charts can't be inserted in other Office applications such as Word or PowerPoint if an add-in from a network location is loaded in Excel 2013.
    • Some object model calls (Range::HasArray, Range:HasFormula and Range::NumberFormat) are slower in Excel 2013 compared to earlier versions of Excel.
    • When you use a third-party application to host Excel 2013 and try to use the application to open a workbook externally in an Excel window, the window opens without a workbook.
    • When you enable the Always use connection file option for an ODBC connection to any data source such as Access or SQL server in Excel 2013, Excel 2013 may crash.
    • Fixes an issue that hides detailed error message from the Power Query users in various scenarios and causes a generic error notification to be displayed instead.
    • When you print or print preview a worksheet in Excel 2013, the name of a group box (form control) is displayed in an incorrect position.
    • When you copy and paste cells that have conditional formatting set in Excel 2013, the conditional formatting rules are duplicated even though the rules already exist in the cells.

      Note After you apply the update, you need to follow the instructions in the "Registry information" section to fix this issue.
    • Certain edits in PowerPivot will cause Power Query connections to be read-only in Excel and block further edits in Power Query. For more information, see Editing columns and tables from a Power Query connection is no longer possible by using PowerPivot in Excel 2013 .
    • Sometimes you receive an out of memory error when you create a new Excel window after using an Excel preview window in Outlook.

How to obtain and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Microsoft Office 2013 RT Service Pack 1, this update is available from Microsoft Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Registry information

Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
  1. Exit all Microsoft Office applications.
  2. Start Registry Editor:
    • In Windows 10, go to Start, enter regedit in the Search Windowsbox, and then select regedit.exe in the search results.
    • In Windows 8 or Windows 8.1, move your mouse to the upper-right corner, go to Search, enter regedit in the search text box, and then select regedit.exe in the search results.
    • In Windows 7, go to Start, enter regedit in the Search programs and files text box, and then select regedit.exe in the search results.
  3. Locate and then select the following registry entry:
  4. On the Edit menu, point to New, and then select DWORD Value.
  5. Enter ReplaceCFOnPaste, and then press the Enter key.
  6. In the Details pane, right-click ReplaceCFOnPaste, and then select Modify.
  7. In the Value data box, enter 1, and then select OK.
  8. Exit Registry Editor.

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base Article KB3089664 .

Security update replacement information

This security update replaces previously released update KB3054991 .