MS16-107: Description of the security update for Office 2013: September 13, 2016

Applies to: Microsoft Office 2013 Service Pack 1


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-107.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article 3185852.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues:

  • Translate some terms in multiple languages to make sure that the meaning is accurate.
  • Update a feature that was released in Office 2013. VBA macros are no longer automatically blocked when you receive an attachment from a trusted sender or open a file from your personal OneDrive. See New feature in Office 2016 can block macros and help prevent infection and Plan security settings for VBA macros in Office 2016 for more information.
  • After you save a workbook that has carriage return and line feed characters as a .pdf file in Microsoft Excel 2013, the characters are displayed as squares in Adobe Reader.
    Note To fix this issue, you also need to install April 5, 2016, update for Office 2013 (KB3085587).
  • After you rename a button on a custom ribbon tab in the Korean version of Office 2013 applications, the button name is split but remains on the same line.
  • You can't post a blog to a blogger site in Word 2013. This update deletes the "Blogger" option from the Blog drop-down list because the authentication protocol is changed.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Turn on automatic updating in Control Panel.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3185852.

Security update replacement information

This security update replaces previously released security update 3115427.

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2