Description of the security update for Excel 2016: March 13, 2018

Applies to: Excel 2016


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0907.

Note To apply this security update, you must have the release version of Excel 2016 installed on the computer.

Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home. (Determining your Office version)

Note Security update 4011220 addresses a risk that is associated with macros that are assigned to objects in an Excel workbook. Update 4011220 now warns users about the potential security risk by showing the trust bar. The content at risk is not part of what is digitally signed when workbook macros are digitally signed. Update 4011220 may change customer scenarios that rely on digitally signed macros that are attached to objects in the workbook. This is because, by design, this feature does not show the trust bar. Therefore, there would be no way for users to allow such documents to function.

Based on customer feedback, we have released security update 4011727. This is a less restrictive update that addresses the majority of those customer cases. Ideally, customers don’t have to change the relevant registry setting because the default behavior currently maps to more lenient settings. This could be changed in the future if it is necessary.

  • If users were not affected by CVE-2017-11877 and don’t rely on the digitally signed macros feature, they could restore the registry setting to the more restrictive and safer behavior.
  • If users have critical business processes that are still broken even after update 4011727 is installed to address digitally signed macros on objects, they can change the registry setting to allow the macros.

    Note We do not recommend that you change the registry setting to allow the macros because this will expose the system to a known possible attack vector.

For more information about security update 4011220, see Microsoft Common Vulnerabilities and Exposures CVE-2017-11877.

For more information about security update 4011727, see Microsoft Common Vulnerabilities and Exposures CVE-2018-0907.

Improvements and fixes

This security update contains improvements and fixes for the following nonsecurity issues:


This security update also contains the following improvements for Excel 2016:

  • Improves the translation of the Defer Layout Update check box for the Danish version
  • A new registry key has been added to provide more control over object macros security. The "RestrictObjectMacros" DWORD registry key under HKCU\Software\Microsoft\Office\16.0\Excel\Security supports the following values:

    0 (or not present) – Default behavior
    1 – Strict
    2 – Lenient
    3 – None (not recommended)

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756 How to back up and restore the registry in Windows
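
The following PowerShell sketch is an added example, not part of Microsoft's article: it reads RestrictObjectMacros for the current user, reports which of the documented settings is in effect, and can set the value to 1 (Strict) after exporting the key as a backup. The function names and the backup file location are assumptions; the registry path, value name and value meanings are the ones listed above.

```powershell
# Added example (not Microsoft's code). Function names and the backup
# file location are assumptions; path and value name are from the article.
$KeyPath   = 'HKCU:\Software\Microsoft\Office\16.0\Excel\Security'
$ValueName = 'RestrictObjectMacros'
$Meaning   = @{ 0 = 'Default behavior'; 1 = 'Strict'; 2 = 'Lenient'; 3 = 'None (not recommended)' }

function Get-ObjectMacroPolicy {
    # A missing key or value is treated the same as 0, as the article states.
    $raw = $null
    if (Test-Path -LiteralPath $KeyPath) {
        $raw = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
                -ErrorAction SilentlyContinue).$ValueName
    }
    $value = if ($null -eq $raw) { 0 } else { [int]$raw }
    $known = $Meaning.ContainsKey($value)
    [pscustomobject]@{
        Present     = ($null -ne $raw)
        Value       = $value
        Meaning     = if ($known) { $Meaning[$value] } else { 'Unknown value' }
        # Flag the setting the article does not recommend, and anything undocumented.
        NeedsReview = ($value -eq 3) -or (-not $known)
    }
}

function Set-ObjectMacroPolicyStrict {
    param([string]$BackupFile = "$env:TEMP\excel-security-backup.reg")
    if (Test-Path -LiteralPath $KeyPath) {
        # Back up the key before modifying it, as the article advises.
        & reg.exe export 'HKCU\Software\Microsoft\Office\16.0\Excel\Security' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
    } else {
        # Key absent: nothing to back up, create it so the value can be written.
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Get-ObjectMacroPolicy
}

# Audit only; call Set-ObjectMacroPolicyStrict explicitly to change the setting.
Get-ObjectMacroPolicy | Format-List
```

Because the key lives under HKCU, the audit reflects only the user account it runs as.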


This security update contains fixes for the following nonsecurity issues:

  • This update fixes an issue in which you create Boolean fields by using the CreatePivotFields method in Excel VBA.
  • For files that contain special characters in the worksheet names, you may experience file corruption issues on a round trip across some locales. Additionally, you receive an error message that resembles the following:

    Excel found unreadable content in 'FileName '. Do you want to recover the contents of this workbook? If you trust the source of this workbook, click Yes.

  • The Show Details (drill-through) function may not work.
  • You cannot edit any cells if the Application.DisplayFormulaBar and Application.ScreenUpdating properties in VBA are set to FALSE in Excel 2016.
  • Fixes the translation of the TRIM function for the Danish version and the Dutch version.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: March 13, 2018.

Security update replacement information

This security update replaces previously released security update 4011627.

File hash information

Package name | Package hash SHA 1 | Package hash SHA 2
excel2016-kb4011727-fullfile-x64-glb.exe | 1732993914E822A60B296CEC1A40026A3D583D88 | C1FF072716412A5CAD9EC48593DE757FE9A06F50FEBC43BDD5C8256B3E85FBB5
excel2016-kb4011727-fullfile-x86-glb.exe | 122BC5955176394C4085DF843E4B9C497459E0A0 | 2FB72FFE05EE15781931106F36CA8BB165D1D5D563ECBF5A052B0E0DA9D567F9

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

How to get help and support for this security update

Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Propose a feature or provide feedback on Office Core: Office User Voice portal