MS16-054: Description of the security update for Word 2013: May 10, 2016

Applies to: Microsoft Office 2013 Service Pack 1Word 2013

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-054.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB3155544.

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues:
  • Assume that you have a document that's digitally signed and the document has controls that's bound to the document metadata. After the document metadata is updated, Word 2013 still considers the document signature as valid.
  • After you enable and disable Split window for a document that has an ActiveX control in Word 2013, Word 2013 crashes.
  • When you scroll through a document that has an ActiveX control in Word 2013, the ActiveX control is switched to design mode.
  • After you compare or combine two versions of a document that are coauthored by different coauthors in Word 2013, some or even all OLE objects are marked as changed.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3155544.

Security update replacement information

This security update replaces previously released security update KB3114937.

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2
word2013-kb3115025-fullfile-x64-glb.exe733197E560DAB1E19FF738FED1EE1AF309711815CE475792CDEDDB1061524A30B15954C3710E3701E21A0C5AAE6C71A6D0AF8FFE
word2013-kb3115025-fullfile-x86-glb.exeC6306C17260CA692DB725AFBECC257947E3D3EA36373439FED00CA80089065341E61BFB129AF18CD30344FEF5B4581918F7DFA8C