MS16-148: Description of the security update for Office 2013: December 13, 2016

Applies to: Microsoft Office 2013 Service Pack 1


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-148.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article 3204068.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues:
  • Translate some terms into Slovak to make sure that the meaning is accurate.
  • When you insert content into cells in Excel, Excel may intermittently freeze on virtual machines and low-end devices.
  • When macros and some add-ins are included in operations to update the status bar text frequently, they are significantly slower in Office 2013 and Office 2016 than in earlier versions.
  • When you enable the desktop composition feature in Windows, Office 2013 application windows becomes white.
  • When you rename a ribbon button that has a short command name through the customize ribbon dialog box, the command naming dialog box always strips two special layout characters from the control name that's used in East Asian languages to control word breaking.
  • If you have content that's protected by IRM based on an administrative template, and the administrative template is then archived, you can't do certain operations on it.
  • Skype for Business 2015 (Lync 2013) crashes during shutdown.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article 3204068.

Security update replacement information

This security update replaces previously released security update 3118284.

File hash information

Package namePackage hash SHA 1Package hash SHA 2