MS15-116: Description of the security update for Word 2016: November 10, 2015

Applies to: Word 2016


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-116.

Note To apply this security update, you must have the release version of Word 2016 installed on the computer. After you apply this security update, you may see a popup window that states that a website wants to open web content in protected mode in Internet Explorer. See Updates to change the way that Internet Explorer interacts with features in Microsoft Office applications for more information.

For a complete list of affected versions of Office software, see Microsoft Knowledge Base article 3104540.

Improvements and fixes

  • Adds two new add-in APIs in Word under CustomXmlNode: getTextAsync and setTextAsync. These two new APIs also provide a way add a text value to a built-in CustomXmlNode object when the node has no text value yet.
  • Updates the Word Add-ins API of setSelectedDataAsync by introducing a new coercion type for image. With this new image type, setSelectedDataAsync can insert a picture at the selected location. The image should be provided as a base64-encoded string.
  • Improves the new Word API feature by adding more properties and methods to some objects.
  • This update also contains fixes for the following nonsecurity issues:
    • When you save a .doc document in the .docx format or edit and save a .docx document and then close and reopen this document in Word 2016, a hidden table is visible in the document unexpectedly if the hidden table content was formatted by a table style.
    • When you use an IME to type characters in a document in Word 2016 that has Overtype mode enabled, and if the text service is disabled by Microsoft Office IME 2016, undetermined characters aren't displayed.
    • When you edit a document that uses mirror indents in Word 2016, text jumps around somewhat randomly. In this case, if there's a wrapped shape or picture, some text may not be displayed or printed as expected.
    • If the first comment bubble is marked as done in Word 2016, Word 2016 may crash when you select a comment bubble.
    • If subpixel positioning isn't used in Word 2016, cursor positioning can be incorrect, and text may jump unexpectedly. Various system and Word options may switch off subpixel positioning in Word 2016. This includes some ClearType and remote desktop options.
    • When you edit a line in Word 2016, you may see an incorrect line break. (For example, the line break may be in the middle of a word or before a space).
    • When you try to save a large document that has hyperlinks in Word 2016, the Save As dialog box appears. However, you can't save the file. In addition, you keep looping back to the Save As dialog box until you cancel the save operation. This issue occurs after a word is auto-corrected by the AutoCorrect feature.
    • When you open a .docm document that has an ActiveX control deleted (for example, by using the OpenXML manipulation) in Word 2016, you receive an error message that resembles the following:
      Can't exit design mode because Control "<control name>" can not be created.
      It's because the state of the ActiveX control still remains in Visual Basic for Applications.
    • When you run a macro that uses the TransformDocument method to convert a document into a different XML format in Word 2016, Word 2016 crashes if there's a text box in the header or footer of the document.
    • When you paste text in a new email message window in Outlook 2013, the text isn't displayed fully. This issue occurs if the lines of the text are greater than the height of the window.
    • Assume that you're using a screen reader when you're editing your email signature in the Signatures and Stationery dialog box in Outlook 2013 and that your email signature has multiple paragraphs. In this situation, the screen reader reads only the first paragraph of the signature.
    • A real-time collaboration session in Word 2016 may lose data after you delete personal information from Document Inspector.
    • When you open a document that contains a chart of one of the new chart types (a treemap, sunburst, histogram, box and whisker, Pareto, or waterfall chart) in Office 2016 applications, an image of the chart is displayed in PowerPoint 2016 and Word 2016. In Excel 2016, a bounding box that has a message is displayed instead of the chart.

      Note See An image of a chart or a bounding box that has a message is displayed instead of the chart in Office 2016 applications for more information.
    • When you edit text that has advanced font features or uses complex scripts in Word 2016, Word 2016 may crash.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3104540.

Security update replacement information

This security update replaces previously released update 2920691.