This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-099
To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013
installed on the computer.
For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB3177451
FAQQ: Does this release contain any additional security-related changes to functionality? A:
Yes. In addition to the security updates that address the vulnerabilities that are described in this bulletin, Microsoft is releasing updates to add a security feature improvement. These updates provides additional information to users when Outlook makes a network connection through a proxy server that requires authentication.
Sometimes, the additional information is not available. In this situation, Outlook silently prevents the connection. This is true in the following configurations:
- From Outlook 2007 or Outlook 2010, any connection to AutoDiscover or Exchange Web Services
- From Outlook 2010, any connections that uses MAPI over HTTP
- From Outlook 2013 or Outlook 2016, any connection to AutoDiscover or Exchange Web Services if the primary mailbox uses a remote procedure call (RPC) or RPC over HTTP connection.
You can use the AllowOutlookHttpProxyAuthentication
registry entry to allow Outlook to connect in these configurations after it prompts the user for credentials. Important
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
To allow Outlook to make a connection through an authenticating proxy without using the security feature enhancement, add a DWORD value that's named AllowOutlookHttpProxyAuthentication
and that has a value of 1
to the following registry subkey, as appropriate for your version:
To add this registry entry, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click the appropriate subkey in the registry.
- On the Edit menu, point to New, and then click DWORD Value.
- Type AllowOutlookHttpProxyAuthentication for the name of the DWORD, and then press Enter.
- Right-click AllowOutlookHttpProxyAuthentication, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor, and then restart Outlook.
Security update deployment information
For deployment information about this update, see Microsoft Knowledge Base article KB3177451
Security update replacement information
This security update doesn't replace any previously released update.
File hash information
|Package Name||Package Hash SHA 1||Package Hash SHA 2|
The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.ERROR: PhantomJS timeout occurreded