MS16-004: Description of the security update for Microsoft Visual Basic Runtime 6.0: January 12, 2016


This security update resolves vulnerabilities in comctl32.ocx and mscomctl.ocx that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-004.

Note To apply this security update, you must have the release version of Visual Basic 6.0 IDE installed on the computer.

For a complete list of affected versions of Microsoft Office software, see KB3124585.

How to obtain and install the update

Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Command-line switches for this update

For information about the various command-line switches that are supported by this update, see Standard Installer command-line options.

Removal information

You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel. To remove this security update, save the .msi file to a known location, and then run the following command at a command prompt:
msiexec /x [knownlocation]\[PatchName].msi

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3124585.

Security update replacement information

This security update replaces previously released update KB2708437.