MS15-099: Vulnerabilities in Microsoft Office could allow remote code execution: September 8, 2015

Summary
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office file. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-099.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.

Non-security-related fixes that are included in this security update

  • Enables single sign-on (SSO) for ADAL on cloud domain-joined computers. On cloud domain-joined computers that have Modern Authentication enabled, domain accounts seem to be logged in. However, you can't open files.
  • Selecting an icon set for a KPI in PowerPivot is ignored in Microsoft Excel 2013.
  • This update also contains fixes for the following nonsecurity issues:
    • Consider the following scenario:
      • You add an ActiveX combo box control or an ActiveX list box control to a workbook in Microsoft Excel 2010.
      • The ListFillRange property of the control refers to the data of another worksheet in the workbook.
      • You zoom the views of both worksheets to different zoom factors that are not 100 percent.
      • You try to change the selection of the combo box control or the list box control.
      In this scenario, you may receive the following error message:

      Not enough system resources to display completely.

    • Charts can't be inserted in other Office applications such as Word or PowerPoint if an add-in from a network location is loaded in Excel 2013.
    • Some object model calls (Range::HasArray, Range:HasFormula and Range::NumberFormat) are slower in Excel 2013 than in earlier versions of Excel.
    • When you try to use a third-party application to host Excel 2013 to open a workbook externally in an Excel window, the window opens without a workbook.
    • When you enable the Always use connection file option for an ODBC connection to any data source such as Microsoft Access or Microsoft SQL Server in Excel 2013, Excel 2013 may crash.
    • Fixes an issue that hides detailed error messages from the Power Query users in various scenarios and causes a generic error notification to be displayed instead.
    • When you print or print preview a worksheet in Excel 2013, the name of a group box (form control) is displayed in an incorrect position.
    • When you copy and paste cells that have conditional formatting set in Excel 2013, the conditional formatting rules are duplicated even though the rules already exist in the cells.

      Note After you apply the update, you have to follow the instructions in the "Registry information" section to fix this issue.
    • Certain edits in PowerPivot cause Power Query connections to be read-only in Excel and block additional edits in Power Query. For more information, see Editing columns and tables from a Power Query connection is no longer possible by using PowerPivot in Excel 2013.
    • Sometimes you receive an out-of-memory error when you create a new Excel window after you use an Excel preview window in Microsoft Outlook.
    • When you print or print preview a worksheet in Excel 2010, the name of a group box (form control) is displayed in an incorrect position.
    • This update changes the way temporary file names are generated for features such as opening read-only files from share folders, sending workbooks as email attachments and interacting with shared workbooks. Therefore, more valid names for .tmp files can be generated. This greatly increases the number of .tmp files that can be opened before a duplicate name occurs.
    • When a user profile is deleted from My Site, an email is sent to the user's manager. However, this email contains a link to the user's root My Site, and this My Site no longer exists. In addition, you receive the following error message:

      User not found.

    • When you type a space in the people picker to add a user to a SharePoint group for a Microsoft SharePoint Server 2013 site, a specified permission is added to the group unexpectedly. However, you expect the people picker to report no match.
    • When you enable the Metadata Navigation and Filtering feature in a SharePoint Server 2013 site and select a metadata tag in the site, no results are displayed if the number of terms in the navigation is large.
    • When the Windows SharePoint Services Tracing (SPTrace) service is set up to run under a managed account and the managed account password is changed through SharePoint, the service isn't updated to use the new password and does not start. You may receive an error message that resembles the following:

      Windows could not start the "SharePoint Tracing Service" on Local Computer.
      Error: 1069: The service did not start due to a logon failure.
    • When you try to change the password of a distributed cache account on a SharePoint Server 2013 server, you receive the following error message if the server does not have a distributed cache service instance provisioned:

      Sorry, something went wrong.
      Operation is not valid due to the current state of the object.
    • You can't set connections for a filter web part on a SharePoint Server 2013 site because the Connection Type combo box has no value.
    • When you try to edit a document in a subfolder of a SharePoint Server 2013 document library, you receive the following error message:

      A problem occurred while connecting to the server. If the problem continues, contact your administrator.
      This issue occurs if you are granted permission to the document by the Shared With function and if the Require Check Out option is enabled for the document library.
    • When you try to use Microsoft Visio 2013 to check in a file to a SharePoint Server 2013 document library that has required columns, you receive an error message resembles the following:

      Internal error: #3400 Action 1787: Check In File.

    • When you open a .pdf file in a SharePoint Server 2013 document library that has the Open in the client application option enabled, the .pdf file is still opened in browser.
    • File name is NULL and IAVFileProperties are empty or invalid in SharePoint VSAPI Scan call for old version documents.
    • When you upload a Word 2013 document that has a certain custom property to a document library, the w3wp.exe process crashes.
    • VSAPI doesn't get a subweb relative URL while it downloads a document through explorer view.
    • When you select links in an item of a promoted link list, all links are opened in the same tab even though the launch behavior is set to open links in a new tab.
    • After you change the color of a task bar on project timelines in project center, the color of other task bars is changed unexpectedly.
    • When you rest the mouse pointer on documents that are returned on the Search Center site, you can't see the preview of the documents but instead receive the following message:

      To start seeing previews, please log on by opening the document.
      This issue occurs if the Search Center site is located on a web application that uses the Kerberos authentication.
    • Performance and correctness issues in Windows Azure plugin.
More information

Security update deployment information

Microsoft Office 2016 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft Office 2016 (32-bit editions):
conv2016-kb3085635-fullfile-x86-glb.exe
For supported editions of Microsoft Office 2016 (64-bit editions):
conv2016-kb3085635-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base article 3085635
Registry key verificationNot applicable

The 2007 Microsoft Office suite (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2007 Service Pack 3:
convloc2007-kb3085620-fullfile-x86-glb.exe
Security update file nameFor Microsoft Excel 2007 Service Pack 3:
excel2007-kb3085543-fullfile-x86-glb.exe
For Microsoft Excel Viewer 2007 Service Pack 3:
xlview2007-kb3054995-fullfile-x86-glb.exe
For Microsoft Office Compatibility Pack:
xlconv2007-kb3054993-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base article 3085620
See Microsoft Knowledge Base article 3085543
See Microsoft Knowledge Base article 3054995
See Microsoft Knowledge Base article 3054993
Registry key verificationNot applicable

Microsoft Office 2010 (all editions) and other software

Reference table
The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2010 Service Pack 2 (32-bit editions):
convloc2010-kb3085560-fullfile-x86-glb.exe
For Microsoft Office 2010 Service Pack 2 (64-bit editions):
convloc2010-kb3085560-fullfile-x64-glb.exe
For Microsoft Excel 2010 Service Pack 2 (32-bit editions):
excel2010-kb3085526-fullfile-x86-glb.exe
For Microsoft Excel 2010 Service Pack 2 (64-bit editions):
excel2010-kb3085526-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base article 3085560
See Microsoft Knowledge Base article 3085526
Registry key verificationNot applicable

Microsoft Office 2013 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft Office 2013 (32-bit editions):
conv2013-kb3085572-fullfile-x86-glb.exe
For supported editions of Microsoft Office 2013 (64-bit editions):
conv2013-kb3085572-fullfile-x64-glb.exe
For supported editions of Microsoft Excel 2013 (32-bit editions):
excel2013-kb3085502-fullfile-x86-glb.exe
For supported editions of Microsoft Excel 2013 (64-bit editions):
excel2013-kb3085502-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base article 3085572
See Microsoft Knowledge Base article 3085502
Registry key verificationNot applicable

Microsoft Office 2013 RT (all editions)

DeploymentThe 3085572 update for Microsoft Office 2013 RT is available via Windows Update.
The 3085502 update for Microsoft Excel 2013 RT is available via Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base article 3085572
See Microsoft Knowledge Base article 3085502

Office for Mac 2011

Prerequisites
  • You must be running Mac OS X version 10.5.8 or a later version on an Intel processor.
  • Mac OS X user accounts must have administrator credentials to install this security update.
  • You must have Office for Mac 2011 14.1.0 or a later version installed on your computer.
Installing the update
Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.5.5 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office for Mac 2011 14.5.5 Update volume on your desktop.

    Note This step might have been performed for you.
  3. To start the update process, double-click the Microsoft Office for Mac 2011 14.5.5 Update application in the Microsoft Office for Mac 2011 14.5.5 Update volume window, and then follow the instructions.
  4. When the installation is finished, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, drag the Microsoft Office for Mac 2011 14.5.5 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2011).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About <Application_Name> (where <Application_Name> represents Word, Excel, PowerPoint, or Outlook).
If the Latest Installed Update Version number is 14.5.5, the update was successfully installed.

Restart requirement
This update does not require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Office for Mac 2016

Prerequisites
  • Mac OS X version 10.10 or a later version on an Intel processor.
  • Mac OS X user accounts must have administrator privileges to install this security update.
Installing the update
Download and install the appropriate language version of the Microsoft Office for Mac 2016 15.14.0 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running, including virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office for Mac 2016 15.14.0 Update volume on your desktop.

    Note This step might have been performed for you.
  3. To start the update process, double-click the Microsoft Office for Mac 2016 15.14.0 Update application in the Microsoft Office for Mac 2016 15.14.0 Update volume window, and then follow the instructions.
  4. When the installation is finished, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, first drag the Microsoft Office for Mac 2016 15.14.0 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2016).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About Application_Name (where Application_Name is Word, Excel, PowerPoint or Outlook).
If the Latest Installed Update Version number is 15.14.0, the update was successfully installed.

Restart requirement
This update does not require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Microsoft Office Web Apps 2013 (all versions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor all supported editions of Microsoft Office Web Apps Server 2013 Service Pack 1:
wacserver2013-kb3085487-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft SharePoint Server 2013 and SharePoint Foundation 2013 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft SharePoint Server 2013::
acsrvloc2013-kb3054813-fullfile-x64-glb.exe
For Excel Services on supported editions of Microsoft SharePoint Server 2013 Service Pack 1:
xlsrvloc2013-kb3085483-fullfile-x64-glb.exe
For Microsoft SharePoint Server 2013 and Microsoft SharePoint Foundation 2013:
sts2013-kb3085501-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationThis security update cannot be removed.
File informationSee the file information section
Registry key verificationNot applicable

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2
acsrvloc2013-kb3054813-fullfile-x64-glb.exe248C8D59FB76079D7DFE9FCA95E2FE2D63659AD16AA048C82242A1B556AF0D020F84E1517DE5B2D62E54ED6B77B5501F72DC14FD
conv.exe (x64)2CFE91AF909CB672F76FD7A52F26618E4A8B62D4FC45184BFF7DDA46E00F0750B41E96919E1110C3897E9799F29253FD5925DDD6
conv.exe (x86 )D0CE53FFAAC18E3D73A6B0F23CEBCB42AFFEAC0AD9FB026829456EF371ADB170F87CCCAD6BD1E0A485205031C39E84510A08EB85
conv2013-kb3054932-fullfile-x64-glb.exe10E4DDFEFD102E3EE727E67A2617652B7470D51476DAA45B7FE6474A54068134D8796B1D37CAF61192D41EA07112D01E33E356AF
conv2013-kb3054932-fullfile-x86-glb.exe32B040476B0578E0FACA30F3D91B6AD213F5CD5FB6FA4D966CAF8A55CF428730662492450B1DCAE1EAE21F2071F4E20FB57A3783
convloc2007-kb3054987-fullfile-x86-glb.exeD27F4442E3646251A96ABD5B1E683E4DAE58B0B72F98AB638E5266E690BD9ACC3BFB22D84479223AAC192CCA9C1155B6EBE101F1
convloc2010-kb3054965-fullfile-x64-glb.exe6F8E68B50735027C92D077CED16B549027A563EF4602E53369C30D5FA0DE9ECFF86FF4D17B7400932C1FF72EE6E8983FF42FE81A
convloc2010-kb3054965-fullfile-x86-glb.exeE7C07D20CBB2F4C394C2A80D10BF59414570977A12BC5070907620812C24CDD23FFF1E9BD3BB59CDE556509458170ACC09D06551
excel2007-kb3085543-fullfile-x86-glb.exe4A1B9E834728866D52DFEC57C82D6E1E7469083C4F7F363B30C341C56577A64F686A6D4E8A39DDAA016FD92A68A2A487D83E6727
excel2010-kb3085526-fullfile-x64-glb.exeDA8F620BC5A868238ED39EB51B2C3672C82E1B0354D05DDD06C1AE21FC764B60610A7356D11DC4FEED2053CE77D2869513CE17EF
excel2010-kb3085526-fullfile-x86-glb.exeE139E895F90FCF6761436520F2E6E5BFC2DE0A811363E7A31683FF7B3A76373059B2267781C0C6604C4A25423E49E1A19E1812EB
excel2013-kb3085502-fullfile-x64-glb.exeDB16BFC2B60583C87A4C9B486CCCC32135B94FEC817324DB0454C5657B3E281AE9C6D265B8409EAD2444567C1774E46653C79C5C
excel2013-kb3085502-fullfile-x86-glb.exe71182A1A0780F7D497173E8D7217BBFC2121827E405BBDE64BDD37F06D7D3AD52EA82EDE2B54A4821361E41D87996C6AC26E02FC
sts2013-kb3085501-fullfile-x64-glb.exe5B1C8C90870787611BCD19399F612A8A16F0BCFA74EBC495C7563F8994BFFC74AAAA26E997B5A2222D9A83D24C13C7568B27C190
wacserver2013-kb3085487-fullfile-x64-glb.exe9690E201811DCE5FF57A051686809695C7E0F603B34E22DB2B920FFF10E7894A1175A981907E3E64378C1EE919F3F92E86A89D34
xlconv2007-kb3054993-fullfile-x86-glb.exe4D86F51D13BFEB40BA8E4E8E5929C3117F134EB0B7EB3F1F3D50F2CEA2F9CC246DDF2E1F943B881EA5C0EFDF6270A51E90568943
xlsrvloc2013-kb3085483-fullfile-x64-glb.exe0C6ED0CC16EC90E521E7511041A2453E2E5E27FB948945AC9853B906B42CC3F27E59120374BF009BB6E9C8499645017C3187E32F
xlview2007-kb3054995-fullfile-x86-glb.exe6643C2E6AFA2FCB9264F45617EB1FEC24C1CC766E98F6ABB0AFC7770DBD90B1B039255221627447FCFC9DD7FF94C9038825E61A9

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 3089664 - Last Review: 11/10/2015 18:39:00 - Revision: 4.0

Microsoft Office Excel 2007, Microsoft Office Excel 2007 (Home and Student version), Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office Excel Viewer 2007, Microsoft Office 2016 for Mac, Microsoft Office for Mac 2011 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

  • kbexpertiseinter kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbsurveynew atdownload KB3089664
Feedback