MS16-054: Description of the security update for Word 2016: May 10, 2016

Applies to: Word 2016


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-054.

Note To apply this security update, you must have the release version of Word 2016 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB3155544.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues:
  • This update adds support for Javanese Script.
  • Assume that you have a document that's digitally signed and the document has controls that's bound to the document metadata. After the document metadata is updated, Word 2016 still considers the document signature as valid.
  • Hebrew characters in footnote references are reversed in Word 2016.
  • When you paste mixed RTL and LTR plain text into a document in Word 2016, punctuation might appear on the wrong side of words.
  • Sometimes Word 2016 does not show a MacroButton field, and shows the following message instead:
    Display text cannot span more than one line!

  • After you enable and disable Split window for a document that has an ActiveX control in Word 2016, Word 2016 crashes.
  • Word 2016 may crash if a list item begins with a diacritic, and the list uses a space (instead of a tab) for indentation.
  • After you compare or combine two versions of a document that are coauthored by different coauthors in Word 2016, all OLE objects are marked as changed.
  • Autocorrect changes incorrect characters in the presence of diacritic in Word 2016.
  • Sometimes Word 2016 shows numbers incorrectly when the Numeral setting is set to Context in the Word Option dialog box.
  • When you scroll through a document that has an ActiveX control in Word 2016, the ActiveX control is switched to design mode.
  • The Send as PDF function is unavailable in Reading mode in SharePoint Server 2016.
  • Some symbol characters are changed to "1" unexpectedly in the following scenarios:
    • You send a RTF format email message that contains some symbol characters in Outlook 2016.
    • You copy and paste some symbol characters in Word 2016.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.

Method 2: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3155544.

Security update replacement information

This security update doesn't replace any previously released update.

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2