MS15-116: Description of the security update for Office 2013: November 10, 2015

Applies to: Microsoft Office 2013 Service Pack 1


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-116.

Note To apply this security update, you must have the release version of Service Pack 1 for Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see KB3104540.

Known issues in this security update

  • After you install this security update for Office 2013 (or update 3114333 for Office 2013), Office applications may hang or crash. This can affect one or more Office applications, including Outlook 2013, Word 2013, Excel 2013, OneNote 2013, PowerPoint 2013, or others.

    To work around this issue, manually configure the proxy server for your LAN instead of using automatic settings. To do this, follow these steps:
    1. In Internet Explorer, open Internet Options, and then click the Connections tab.
    2. Click LAN settings.
    3. Click to clear the Automatically detect settings and Use automatic configuration script check boxes.
    4. Click to select the Use a proxy server for your LAN check box, and then type the appropriate values into the Address and Port fields.

Improvements and fixes

  • Enables failover to multiple proxies during HTTP requests if there's a proxy failure.
  • Improves the translation for authentication messages in Outlook 2013.
  • This update also contains fixes for the following nonsecurity issues:
    • After you experience certain HTTP errors such as a time-out error in Outlook 2013, Outlook 2013 may not connect to the mail server.
    • When you select a suggestion item from the suggestion list of a combo box in a workbook in Excel 2013, the selected suggestion item isn't selected as expected in the combo box.
    • The "shared with" list of a file is deleted under the Info pane on the File menu. To see who your file is shared with, go to the Share pane on the File menu.
    • You can't check in or check out documents in SharePoint Server 2013 if you have an intranet connection but not an Internet connection.
    • When you try to reply or forward an email message that contains a linked image, Outlook 2013 freezes before the image is displayed.
    • Fixes an issue that even after you successfully enter your credentials, Office apps still prompt you for credentials again.
    • When you use the MAPI over HTTP transport protocol in Outlook 2013, you may experience repeated reconnect attempts because the X-PendingPeriod header field isn't respected.

      Note To fix this issue, install this update together with November 10, 2015, update for Outlook 2013 (KB3101488). See KB3101355 for more information.
    • Web Services Trust Language (WS-Trust) 2005 support for username or password workflow is broken.
    • After you install October 13, 2015, update for Office 2013 (KB3085566), you can't synchronize files by using the OneDrive for Business client, and you receive the error "Credentials needed" or "Please enter your credentials." However, no option is available to enter your credentials.

How to obtain and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Microsoft Office 2013 RT Service Pack 1, this update is available from Microsoft Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base Article KB3104540.

Security update replacement information

This security update replaces previously released update KB2956151.