MS16-004: Description of the security update for Office 2013: January 12, 2016

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-004.

Note To apply this security update, you must have the release version of Service Pack 1 for Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article 3124585.

Improvements and fixes

This update also contains fixes for the following nonsecurity issues:
  • After you use the Office deployment tool to install Office 2013 Click-to-Run editions that have multiple language packs, the language that is set in the config.xml as the first language isn't set as the default language.
    BUG #: 3513146 (Office15)
  • After you save an Excel workbook that contains an unregistered ActiveX control in Excel 2013, Excel 2013 may crash.
    BUG #: 3513734 (Office15)
  • When you try to open a file that's encrypted by a custom encryption provider in an Office 2013 application, the application may crash.
    BUG #: 3513800 (Office15)
  • Assume that you delete a cell comment of a cell that has a fill effect in a workbook in Excel 2013. Then, you save the workbook. When you reopen the file, you receive the following error message:
    Excel found unreadable content in 'workbookname.xlsx'. Do you want to recover the contents of this workbook? If you trust the source of this workbook, click Yes.
    After you select the Yes button, you receive the following error message:
    Excel was able to open the file by repairing or removing the unreadable content.
    BUG #: 3514032 (Office15)
  • After you install the November 10, 2015 update for Office 2013 (KB3101360) or the December 8, 2015 update for Office 2013 (KB3114333), Office applications may hang or crash. This can affect one or more Office applications, such as Outlook 2013, Word 2013, Excel 2013, OneNote 2013, and PowerPoint 2013.
    BUG #: 3515948 (Office15)

How to obtain and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Microsoft Office 2013 RT Service Pack 1, this update is available from Microsoft Update only.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3124585.

Security update replacement information

This security update replaces previously released update KB3101360.
File hash information
File information
How to obtain help and support for this security update
Properties

Article ID: 3114486 - Last Review: Jan 12, 2016 - Revision: 1

Feedback