MS15-070: Vulnerabilities in Microsoft Office could allow remote code execution: July 14, 2015

Summary
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office file. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-070.
More information
Additional information about this security update
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

Nonsecurity-related fixes that are included in this security update

This security update also fixes the following nonsecurity-related issues:
  • DRM can be unlocked unexpectedly if a user has "Save" rights.
  • After you send an email message that has an HTML format or save an email message to an HTML file in Outlook, the custom format of the content is changed unexpectedly. This issue occurs if the content is copied from a document in Word 2010.
  • When you scroll down a worksheet in Excel Web App, the scroll resets to the top of the worksheet.
  • When you run VBA code to obtain the ReadOnly property of a workbook on a SharePoint document library in Excel 2013, the result is false. This issue occurs if you open the workbook from the Recent Workbooks list, and the Require documents to be checked out before they can be edited? value is set to Yes for the document library.
  • Assume that you open two or more Microsoft Excel OLE objects (for example, Microsoft Excel worksheet objects) in a document in an Office 2013 application. After you change and save one of the OLE objects, the user interfaces on the ribbon may not work.
  • Excel 2013 may crash intermittently.
  • Enables you to run VBA codes to turn on the laser pointer in Slide Show mode of a presentation in PowerPoint 2013 programmatically.
  • After you set the results of a Paste Special operation to a ShapeRange object, you cannot access the results.
  • When you use the SaveCopyAs method in the object model, PowerPoint 2013 still maintains the original presentation as the current active presentation.
  • Various high DPI improvements to user interfaces in PowerPoint 2013.
  • You cannot use the Application.Caption property of the PowerPoint 2010 object model to differentiate the captions of open presentation windows.
More information

Security update deployment information

The 2007 Microsoft Office suite (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor Microsoft Excel 2007 Service Pack 3:
excel2007-kb2965281-fullfile-x86-glb.exe
For Microsoft PowerPoint 2007 Service Pack 3:
powerpoint2007-kb2965283-fullfile-x86-glb.exe
For Microsoft Word 2007 Service Pack 3:
word2007-kb3054996-fullfile-x86-glb.exe
For Microsoft Excel Viewer 2007 Service Pack 3:
xlview2007-kb2965209-fullfile-x86-glb.exe
For Microsoft Office Compatibility Pack:
xlconv2007-kb2965208-fullfile-x86-glb.exe
For Microsoft Word Viewer:
office-kb3054958-fullfile-enu.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2010 (all editions) and other software

Reference table
The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2010 Service Pack 2 (32-bit editions):
kb24286772010-kb3054971-fullfile-x86-glb.exe
For Microsoft Office 2010 Service Pack 2 (64-bit editions):
kb24286772010-kb3054971-fullfile-x64-glb.exe
For Microsoft Excel 2010 Service Pack 2 (32-bit editions):
excel2010-kb3054981-fullfile-x86-glb.exe
For Microsoft Excel 2010 Service Pack 2 (64-bit editions):
excel2010-kb3054981-fullfile-x64-glb.exe
For Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions):
powerpoint2010-kb3054963-fullfile-x86-glb.exe
For Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions):
powerpoint2010-kb3054963-fullfile-x64-glb.exe
For Microsoft Word 2010 Service Pack 2 (32-bit editions):
word2010-kb3054973-fullfile-x86-glb.exe
For Microsoft Word 2010 Service Pack 2 (64-bit editions):
word2010-kb3054973-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2013 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft Excel 2013 (32-bit editions):
excel2013-kb3054949-fullfile-x86-glb.exe
For supported editions of Microsoft Excel 2013 (64-bit editions):
excel2013-kb3054949-fullfile-x64-glb.exe
For supported editions of Microsoft PowerPoint 2013 (32-bit editions):
powerpoint2013-kb3054999-fullfile-x86-glb.exe
For supported editions of Microsoft PowerPoint 2013 (64-bit editions):
powerpoint2013-kb3054999-fullfile-x64-glb.exe
For supported editions of Microsoft Word 2013 (32-bit editions)
word2013-kb3054990-fullfile-x86-glb.exe
For supported editions of Microsoft Word 2013 (64-bit editions)
word2013-kb3054990-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2013 RT (all editions)

DeploymentThe 3054949 update for Microsoft Excel 2013 RT is available via Windows Update.
The 3054999 update for Microsoft PowerPoint 2013 RT is available via Windows Update.
The 3054990 update for Microsoft Word 2013 RT is available via Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee the file information section

Office for Mac 2011

Prerequisites
  • Mac OS X version 10.5.8 or a later version on an Intel processor is required.
  • Mac OS X user accounts must have administrator credentials to install this security update.
  • Make sure that you have Office for Mac 2011 14.1.0 or a later version installed on your computer.
Installing the update
Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.5.3 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications, because they could interfere with the installation.
  2. Open the Microsoft Office for Mac 2011 14.5.3 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office for Mac 2011 14.5.3 Update volume window, double-click the Microsoft Office for Mac 2011 14.5.3 Update application, and then follow the instructions.
  4. When the installation is complete, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, drag the Microsoft Office for Mac 2011 14.5.3 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2011).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About <Application_Name> (where <Application_Name> is a placeholder that represents Word, Excel, PowerPoint, or Outlook).
If the Latest Installed Update Version number is 14.5.3, the update was successfully installed.

Restart requirement
This update does not require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Microsoft Office SharePoint Server 2007 (all editions) and Microsoft Office SharePoint Foundation 2007 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor Excel Services on supported editions of Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions):
xlsrvapp2007-kb2837612-fullfile-x86-glb.exe
For Excel Services on supported editions of Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions):
xlsrvapp2007-kb2837612-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft SharePoint Server 2010 (all editions) and Microsoft SharePoint Foundation 2010 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor Excel Services on supported editions of Microsoft SharePoint Server 2010 Service Pack 2:
xlsrv2010-kb3054968-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft SharePoint Server 2013 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor Excel Services on supported editions of Microsoft SharePoint Server 2013 Service Pack 1:
xlsrvloc2013-kb3054861-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot  applicable

File hash information

File nameSHA1 hashSHA256 hash
xlsrvapp2007-kb2837612-fullfile-x86-glb.exe10DC134DFBEE313806112A78E4DE81038C0F066CD8DB184AC3014D8811CF725B7907A22195D2D9E11B44D57A621E08D704F7694B
kb24286772010-kb3054971-fullfile-x64-glb.exeD7207B0BF858E43AC5C0988FE803B2BB695C7B3EA935A59919FD3FF95FF6236290633A46B5D9607191F61900667DFABFB6691F03
xlsrvapp2007-kb2837612-fullfile-x64-glb.exeEF7255E5C4419AC9C1C8557D043D6387E3CEBBFB94ADC04DD881D6B14953A40004DD9E2C45E5D5F85AB7094FE9C5616A9C6E442C
kb24286772010-kb3054971-fullfile-x86-glb.exe58ACDCAF27364FA5502BDC5AAAA7C68982AE8212221D624EEA428490B47E21F1B2230DD1085D4FF9C569799048D341F361E37478
xlsrv2010-kb3054968-fullfile-x64-glb.exe123955103F42931C0ECDAFE9E9C14760375DE77698DBB48417250A49BD4BCE86942E85CC40D6676DF0ACFBCD97A7DD6129BA8034
excel2007-kb2965281-fullfile-x86-glb.exe08162638AB643D328CD5373ABC74C5126F0ACBC76D17391062C7A9D41528E788C3945DA0EB80B4C9711F1ED586F587CC2BBF2DD9
excel2010-kb3054981-fullfile-x86-glb.exe3A753FE2744BA1A6196B024B675297DB183620893D644933AD81479EDAC86FF51E8A9F2245A42F8E39371E8F7942CA4EA91E1D79
excel2010-kb3054981-fullfile-x64-glb.exe9B7492B9ED49F6C676F204BDF538189CA27960A1E8CAA137A6708C28FA55FFDE404431F15450958D9F8531E45CD8877AB65604A3
xlview2007-kb2965209-fullfile-x86-glb.exeCD4F8E4809E4761DE10B3204DB1D89D429CECBB1002DFF697E13D9B296BF86DB2AD9750DF8353AD008752845C4C48C4E82B47B32
vbe62007-kb2687409-fullfile-x86-glb.exe8F6B8EFB037D1F35CFDA206565B8CB3572B66BC40AE705DB9D854CC43FAD76CC6CFE880974E8037CF845AF324D6A75E15A0E1E3A
vbe72010-kb2687419-fullfile-x86-glb.exe005266081CF1577F969534BFF40DD4EC7946FCC04D86DE5162394F5AF434CA967760E411CD64030CF738B7E322571C810A037ACC
vbe72010-kb2687419-fullfile-x64-glb.exe16525CF86DFD866610E3631FB4EA8ABD5E61F0094511F07A1449902BF5F087256A06A09B65EB17E009C3541E3E7A515E9854ADA2
vbe72013-kb2752034-fullfile-x86-glb.exe443456862639534AB3AE19D0E47507D8839E563091F7302AAFF0FC6B26BC2ACADD304A064EF95AC167944CBB7179D6FFC39DF572
vbe72013-kb2752034-fullfile-x64-glb.exeD95265E3A5945534CE402BCF0F7985E3D0A9FD4A953B26D690C89BA22950DA6631723C8A1681E766BB0162D0F4A476C7E2F655F8
xlconv2007-kb2965208-fullfile-x86-glb.exe233148833E218DB8E76699A23FCCE35ED651E93D124276BDB41FEF3EAD64C39498A1CB9DA5BCC54AD68175BEA33A2C1913D4BAA2
powerpoint2007-kb2965283-fullfile-x86-glb.exe263696810825AD47E7D0F66F60608F40DF477D386C83F8809AB3F077383A598D538DAD49B25DECC93C2ED31837C7E2BB797167BC
powerpoint2010-kb3054963-fullfile-x86-glb.exeEF9EC4FC902FEB04611C4BF8429A258935D42C04090CB6A89997B87F9F89B92FC3BE947C3638BC235A7826CA7C7834B45C6AEFC5
powerpoint2010-kb3054963-fullfile-x64-glb.exe544CC963E0A2035FC4470F4725A0E2EF685E072C35A5854E5611BA001D8ED95D9D8D43BC0740194E315F41EA53B462DE4230391A
word2007-kb3054996-fullfile-x86-glb.exe18B2B3DED0FF0E8461983DE9DC0CE9005DD6F47FD9CCE54A39FAC676AD645E4831592E79335832B4331072CB8571CE13234B9781
word2010-kb3054973-fullfile-x86-glb.exe54B576FC2A6F6B28D71ED17A331D717B50DA1AFC9E039D4FEC9BE9CDB5AA26D6454AE986E8AD65CC5B0F25E2BDBFAA6CBCCF88E1
word2010-kb3054973-fullfile-x64-glb.exe18ED0001B5910B2406C53B37D9DF220B37691F9BB0D9CD23DA98C80BCEB952486B7D03151D8CB5FBBCA287BF96E4C6813538086A
xlsrvloc2013-kb3054861-fullfile-x64-glb.exe87F66313CBB4BECDDD8502BB1873F5E514E830C0868955444F0C53677C773EBE1A026D6C020616082205B51EFC0DA8CE874E6CEC

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 3072620 - Last Review: 07/23/2015 15:22:00 - Revision: 2.0

Microsoft Office Excel 2007, Microsoft Office Excel 2007 (Home and Student version), Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office Home and Student 2013 RT, Excel Services in Microsoft Office SharePoint Server 2007, Excel Services in Microsoft SharePoint Server 2010, Excel Services in SharePoint Server 2013, Microsoft Office Excel Viewer 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office for Mac Academic 2011, Microsoft Office for Mac Home and Business 2011, Microsoft Office for Mac Home and Business 2011 Home Use Program, Microsoft Office for Mac Home and Student 2011, Microsoft Office for Mac Standard 2011, Microsoft Office Word 2007, Microsoft Office Word 2007 (Home and Student version), Word Viewer, Microsoft Office PowerPoint 2007, Microsoft Office PowerPoint 2007 (Home and Student version)

  • kbexpertiseinter kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbsurveynew atdownload KB3072620
Feedback