MS15-046: Vulnerabilities in Microsoft Office could allow remote code execution: June 9, 2015

Summary
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less affected than those who operate under administrative user rights.
Introduction
Microsoft has released security bulletin MS15-046. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:Support for Microsoft Update

Security solutions for IT professionals:TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:Virus Solution and Security Center

Local support according to your country:International support

More information

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
More information

Security update deployment information

The 2007 Microsoft Office suite (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor the 2007 Microsoft Office suite Service Pack 3:
mso2007-kb3085544-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse the Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2010 (all editions) and Other Software

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2010 Service Pack 2 (32-bit editions):
kb24286772010-kb3054841-fullfile-x86-glb.exe
oart2010-kb3054834-fullfile-x86-glb.exe
oartconv2010-kb3054848-fullfile-x86-glb.exe
For Microsoft Office 2010 Service Pack 2 (64-bit editions):
kb24286772010-kb3054841-fullfile-x64-glb.exe
oart2010-kb3054834-fullfile-x64-glb.exe
oartconv2010-kb3054848-fullfile-x64-glb.exe
For Microsoft Excel 2010 Service Pack 2 (32-bit editions):
excel2010-kb3054845-fullfile-x86-glb.exe
For Microsoft Excel 2010 Service Pack 2 (64-bit editions):
excel2010-kb3054845-fullfile-x64-glb.exe
For Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions):
powerpoint2010-kb3054835-fullfile-x86-glb.exe
For Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions):
powerpoint2010-kb3054835-fullfile-x64-glb.exe
For Microsoft Word 2010 Service Pack 2 (32-bit editions):
word2010-kb3054842-fullfile-x86-glb.exe
For Microsoft Word 2010 Service Pack 2 (64-bit editions):
word2010-kb3054842-fullfile-x64-glb.exe
For Microsoft PowerPoint Viewer:
pptview2010-kb2956195-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse the Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 3054841
See Microsoft Knowledge Base Article 3054834
See Microsoft Knowledge Base Article 3054848
See Microsoft Knowledge Base Article 3054845
See Microsoft Knowledge Base Article 3054835
See Microsoft Knowledge Base Article 3054842
See Microsoft Knowledge Base Article 2956195
Registry key verificationNot applicable

Microsoft Office 2013 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft Office 2013 (32-bit editions):
oart2013-kb2975808-fullfile-x86-glb.exe
For supported editions of Microsoft Office 2013 (64-bit editions):
oart2013-kb2975808-fullfile-x64-glb.exe
For supported editions of Microsoft Excel 2013 (32-bit editions):
excel2013-kb2986216-fullfile-x86-glb.exe
For supported editions of Microsoft Excel 2013 (64-bit editions):
excel2013-kb2986216-fullfile-x64-glb.exe
For supported editions of Microsoft PowerPoint 2013 (32-bit editions):
powerpoint2013-kb2975816-fullfile-x86-glb.exe
For supported editions of Microsoft PowerPoint 2013 (64-bit editions):
powerpoint2013-kb2975816-fullfile-x64-glb.exe
For supported editions of Microsoft Word 2013 (32-bit editions)
word2013-kb2965307-fullfile-x86-glb.exe
For supported editions of Microsoft Word 2013 (64-bit editions)
word2013-kb2965307-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse the Add or Remove Programs item in Control Panel.
File informationSee the Microsoft Knowledge Base Article 297580
See Microsoft Knowledge Base Article 2986216
See Microsoft Knowledge Base Article 2975816
See Microsoft Knowledge Base Article 2965307
Registry key verificationNot applicable

Microsoft Office 2013 RT (all editions)

DeploymentThe 2975808 update for Microsoft Office 2013 RT is available through Windows Update.
The 2986216 update for Microsoft Excel 2013 RT is available through Windows Update.
The 2975816 update for Microsoft PowerPoint 2013 RT is available through Windows Update.
The 2965307 update for Microsoft Word 2013 RT is available through Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 2975808
See Microsoft Knowledge Base Article 2986216
See Microsoft Knowledge Base Article 2975816
See Microsoft Knowledge Base Article 2965307

Office for Mac 2011

Prerequisites
  • Mac OS X version 10.5.8 or a later version on an Intel processor
  • Mac OS X user accounts that have administrator privileges
Installing the Update

Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.5.0 Update from the Microsoft Download Center.

1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications as they could interfere with the installation.

2. Open the Microsoft Office for Mac 2011 14.5.0 Update volume on your desktop. This step might have been performed for you.

3. To start the update process, in the Microsoft Office for Mac 2011 14.5.0 Update volume window, double-click the Microsoft Office for Mac 2011 14.5.0 Update application, and follow the instructions on the screen.

4. When the installation is complete, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see Verifying Update Installation. To remove the update installer, first drag the Microsoft Office for Mac 2011 14.5.0 Update volume to the Trash, and then drag the file that you downloaded to the Trash. Verifying Update Installation

To verify that a security update is installed on an affected system, follow these steps:

1. In Finder, locatethe Application Folder (Microsoft Office 2011).

2. Select Word, Excel, PowerPoint or Outlook and launch the application.

3. On the application menu, click About Application_Name (where Application_Name is Word, Excel, PowerPoint or Outlook).If the Latest Installed Update Version number is 14.5.0, the update has been successfully installed.

Restart requirement

This update does not require you to restart your computer.

Removing the update

This security update cannot be uninstalled.

More information

If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Microsoft Office Web Apps 2010 (all versions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office Web Apps 2010 Service Pack 2:
wac2010-kb3054843-fullfile-x64-glb.exe
For Microsoft Excel Web App 2010 Service Pack 2:
xlwac2010-kb3054838-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee Microsoft Knowledge Base Article 3054843
See Microsoft Knowledge Base Article 3054838
Registry key verificationNot applicable

Microsoft Office Web Apps 2013 (all versions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Microsoft Office Web Apps Server 2013 Service Pack 1:
wacserver2013-kb3039748 -fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee Microsoft Knowledge Base Article 3039748
Registry key verificationNot applicable

Microsoft SharePoint Server 2010 (all editions) and Microsoft SharePoint Foundation 2010 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft SharePoint Server 2010:
vsrv2010-kb2553219-fullfile-x64-glb.exe
For Microsoft SharePoint Server 2010 and Microsoft SharePoint Foundation 2010:
wssloc2010-kb3054847-fullfile-x64-glb.exe
For Excel Services on supported editions of Microsoft SharePoint Server 2010 Service Pack 2:
xlsrv2010-kb3054839-fullfile-x64-glb.exe
For Word Automation Services on supported editions of Microsoft SharePoint Server 2010 Service Pack 2:
wdsrv2010-kb3054833-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee Microsoft Knowledge Base Article 2553219
See Microsoft Knowledge Base Article 3054847
See Microsoft Knowledge Base Article 3054839
See Microsoft Knowledge Base Article 3054833
Registry key verificationNot applicable

Microsoft SharePoint Server 2013 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft SharePoint Server 2013:
pptserverloc2013-kb3039736-fullfile-x64-glb.exe
For Excel Services on supported editions of Microsoft SharePoint Server 2013:
xlsrvloc2013-kb3039725-fullfile-x64-glb.exe
For Word Automation Services on supported editions of Microsoft SharePoint Server 2013:
wdsrvloc2013-kb3023055-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the Microsoft Knowledge Base Article 3039736
See Microsoft Knowledge Base Article 3039725
See Microsoft Knowledge Base Article 3023055
Registry key verificationNot applicable

File hash information

File nameSHA1 hashSHA256 hash
mso2007-kb3085544-fullfile-x86-glb.exe0ED79E945CC3E9A60E0BAEEE5844398DCC37C3F6BFE7946057E84295B144002B2072A7F2ADE5BA5FEF4845D7E7E869FB29A38650
excel2010-kb3054845-fullfile-x64-glb.exeD573D17953AB14C4292210D255F9EB3FB0EA80D5DD011253562B43AFCF27A08B69F8888F757BFED0EB3B31D93C08A089686DE3A8
excel2010-kb3054845-fullfile-x86-glb.exe62A9F813F8BC1BB1D07BD829B4AB1571E6407C5B8E9872CF6A1887C11697251E00FEE50AFEF912161BC7FAD6447B9C0FA78ADB0C
kb24286772010-kb3054841-fullfile-x64-glb.exe9892576D6268B123002073E5D0BEEF6D8ECE2F7994C80842CFF7CC03FEE1D9004462BD895EC34F696F996E2982589FB41FBD242B
kb24286772010-kb3054841-fullfile-x86-glb.exe4256DF1CF3025870D8D539D5FCC79043C2882D544AE4018880C8748D4EF504AD62AE1D6DFA87DC69F55E4279615D964F7E3CEA61
oart2010-kb3054834-fullfile-x64-glb.exeA528746720E0C3A33D9EC2CF78CCB52E5C410BC800A7F26CCAC9B82A6DFD025B4D6B39801C1A78CC66A2FBDE4616032147520A3D
oart2010-kb3054834-fullfile-x86-glb.exeEDFDD750E85EB1D3E2E4FB11A7131D6DFADFBDEEEAB615773CB2689B7E84151E93B975D7CBC2B750C3756B28C603A0BE8955E2CE
oartconv2010-kb3054848-fullfile-x64-glb.exe409FD3488DB63486BC10D488A75978CB9E17D7D5DE32BC70F1E48D15A41645EB5964DF726CD33DDDB99DFBF3F8F257070CD03396
oartconv2010-kb3054848-fullfile-x86-glb.exeD96B8242EE9D017E113609B66131AB4F81878686840937651515C37707A8C128C1FA1C2F7EE1F8F8DE3C2EDEC57949AB0E4004BE
powerpoint2010-kb3054835-fullfile-x64-glb.exe3BC2A8EB21934831F79891333B979D3110EB5681CE4D60944ECC8763832264C22AC4B07D7CD8EC2EC8F2D96F3BEC08BA108944CD
powerpoint2010-kb3054835-fullfile-x86-glb.exe14A2288B2CDD307E08B9A552F88E412D953761B803D7274CA77F3E9DA830D070D4F35E38058676A57500FE8A5AEBFC22C971DD61
pptview2010-kb3054840-fullfile-x86-glb.exe10BEF7E8E8FD0F18445B13B73D82320F00900B28DDDCD94202545809EA530F7B912C7D5EEA22818386109F2925C5115414E83FD5
ubersrv2010-kb3054880-fullfile-x64-glb.exe2D7E343EF5AD97BE8B6C2F78D51E8E3843A95BCD075556C8FD3D070B4E5309517DAE0F741467AF8EB2BC8417795049EA29148883
ubersrvprj2010-kb3054877-fullfile-x64-glb.exeF60082A666DB9EFB346F84AD22349BE46811296286A7E02B21239EA8CC9390052E056382A1778A0C287FC1449EB1109992F8F1FC
wac2010-kb3054843-fullfile-x64-glb.exe34AB39CEF692C2704A5F8878BB4B6FACDE69E16155ADA255E733E20AF2BBC07DFD8944DF79B0BDA6DA61023598B6AFBF475C1B1E
wdsrv2010-kb3054833-fullfile-x64-glb.exeB03B5ACDDEAB727626145D87ECECAD9C5B8AD20D15B75CA802454D147F380FACB3B980AC7F1D2D83B560660A82DCF1F0909077EE
word2010-kb3054842-fullfile-x64-glb.exe3E7470EB791FE5CCB4F694A09942180A3F6D3276495C72027DA915A3067CEBE62304C251043023DD1E42C9155B5E740AAF19F9E2
word2010-kb3054842-fullfile-x86-glb.exe64B5079D265ECDEB3CAE389374993078155047E9A0EACF679994DEABB6D0ADC946792DFABD9349D801DC3462E0BD4DF87E5F7617
wssloc2010-kb3054847-fullfile-x64-glb.exe5F970701271ADC4B03BF41C03F343D930AC8E3639FF49721D05DE4D91A3754DCEF56E6E63780294852B2DDA8A96B6F3D4D9F2F02
xlsrv2010-kb3054839-fullfile-x64-glb.exeE5EE22FF332ECB5BE84AE562F29D08AB67D468A8FE21A67BBC229E88DA6D988C3710E5A716240B65B36C90795C783FEAAF3BD8B9
xlwac2010-kb3054838-fullfile-x64-glb.exe9549CF5144CC9A5E7BBF48E3AA7AF41FB803CFBA560F28566FB2E9FB4ACE8C55E76665E8316DA7A84058CF30117B75053DA7B0E9
Свойства

ИД на статията: 3057181 – Последен преглед: 10/13/2015 17:23:00 – Редакция: 3.0

2007 Microsoft Office Suite Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft PowerPoint 2010, Microsoft Word 2010, Microsoft Office 2013 Service Pack 1, Microsoft Excel 2013, Microsoft PowerPoint 2013, Microsoft Word 2013, Microsoft Office Home and Student 2013 RT, Microsoft Office for Mac 2011 Service Pack 2, Microsoft Excel Web App, Microsoft Word Web App, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013

  • kbexpertiseinter kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbsurveynew atdownload KB3057181
Обратна връзка