MS15-131: Security update for Microsoft Office to address remote code execution: December 8, 2015

Summary
This security update resolves a vulnerability in Microsoft Office. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-131.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.

Nonsecurity-related fixes and improvements that are included in this security update

  • This security update adds support for Mail Apps API requirement set 1.3 to Outlook 2013.

    Note: To apply this update, install this security update together with the December 8, 2015, update for Outlook 2013 (KB3114358). See KB3085636 for more information.
  • Renames the "Add-Ins" string to the "Add-ins" string for consistency.
  • This security update also contains fixes for the following nonsecurity issues:
    • When there is more than one ActiveX (OCX) object in a document in Word 2013, an infinite scroll occurs between objects. This issue occurs after you apply MS15-022: Description of the security update for Word 2013: March 10, 2015 (KB2956163).
    • When you use a printer to print a document, and then you change to another printer programmatically in Word 2013, Word 2013 may crash.
    • When you reopen a drawing that contains a Word object in Visio 2016, the Word object that is displayed as an icon doesn't appear. If you press Ctrl+A to select all shapes in the document to locate the Word object and then try to change the icon in the Convert dialog box, you receive the following error message:
      An error (1424) occurred during the action Convert Object.
      The object is empty.

    • When you press the F9 key repeatedly to update a nested field (an IF field that has a condition for a Caps switch) in Word 2016, the result of the field calculation that is displayed toggles between the condition in which all letters are capitalized and the condition in which the first letter is a capital.
    • The ContentControlOnExit event isn't triggered when you edit a content control in the document body and then click into the header of a document in Word 2016.

    • After you enable the Track Changes function in Word 2016, deleted text is tracked for reviewers that have the same user name.
    • Assume that you have a document that has footnotes and both manual and automatic page breaks in Word 2016. You set the Numbering to Restart each page in the Footnote and Endnote dialog box. When you print a document in the background, footnote numbers in the printout are numbered consecutively instead of being restarted on each page.
    • Some text about document upload errors and digital signatures is unreadable on the Backstage in Word 2016 that uses the Dark Gray theme.
    • HTML tables aren't displayed correctly in documents in Word 2016.
    • When you use the add-ins API to set content control text in a co-authoring session in Word 2016, Word 2016 may crash.
    • If a range only contains the close tag of a content control, the Range.ContentControls property doesn't collect the content control.
    • Translates some terms in multiple languages to make sure of accurate meaning.
More information

Security update deployment information

The 2007 Microsoft Office system (all editions) and other software

Reference Table

The following table contains the security update information for this software.
Security update file name:
  • For the 2007 Microsoft Office system, Service Pack 3:
    msptls2007-kb3085549-fullfile-x86-glb.exe
    mso2007-kb3114425-fullfile-x86-glb.exe
  • For Excel 2007 Service Pack 3:
    excel2007-kb3114422-fullfile-x86-glb.exe
  • For Word 2007 Service Pack 3:
    word2007-kb3114458-fullfile-x86-glb.exe
  • For Microsoft Office Compatibility Pack:
    xlconv2007-kb3114433-fullfile-x86-glb.exe
    wordconv2007-kb3114457-fullfile-x86-glb.exe
  • For Microsoft Excel Viewer:
    xlview2007-kb3114433-fullfile-x86-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: Use Add or Remove Programs item in Control Panel.
File information:
  • See Microsoft Knowledge Base Article 3085549
  • See Microsoft Knowledge Base Article 3114425
  • See Microsoft Knowledge Base Article 3114422
  • See Microsoft Knowledge Base Article 3114458
  • See Microsoft Knowledge Base Article 3114433
  • See Microsoft Knowledge Base Article 3114457
Registry key verification: Not applicable

Microsoft Office 2010 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file name:
  • For Microsoft Office 2010 Service Pack 2 (32-bit editions):
    kb24286772010-kb3114403-fullfile-x86-glb.exe
    msptls2010-kb3085528-fullfile-x86-glb.exe
  • For Microsoft Office 2010 Service Pack 2 (64-bit editions):
    kb24286772010-kb3114403-fullfile-x64-glb.exe
    msptls2010-kb3085528-fullfile-x64-glb.exe
  • For Microsoft Office 2010 Service Pack 2 (32-bit editions):
    kb24286772010-kb3114403-fullfile-x86-glb.exe
  • For Microsoft Office 2010 Service Pack 2 (64-bit editions):
    kb24286772010-kb3114403-fullfile-x86-glb.exe
  • For Microsoft Excel 2010 Service Pack 2 (32-bit editions):
    excel2010-kb3114415-fullfile-x86-glb.exe
  • For Microsoft Excel 2010 Service Pack 2 (64-bit editions):
    excel2010-kb3114415-fullfile-x64-glb.exe
  • For Microsoft Word 2010 Service Pack 2 (32-bit editions):
    word2010-kb3101532-fullfile-x86-glb.exe
  • For Microsoft Word 2010 Service Pack 2 (64-bit editions):
    word2010-kb3101532-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: Use Add or Remove Programs item in Control Panel.
File information:
  • See Microsoft Knowledge Base Article 3114403
  • See Microsoft Knowledge Base Article 3085528
  • See Microsoft Knowledge Base Article 3114403
  • See Microsoft Knowledge Base Article 3114415
  • See Microsoft Knowledge Base Article 3101532
Registry key verification: Not applicable

Microsoft Office 2013 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file name:
  • For supported editions of Microsoft Word 2013 Service Pack 1 (32-bit editions):
    word2013-kb3114342-fullfile-x86-glb.exe
  • For supported editions of Microsoft Word 2013 Service Pack 1 (64-bit editions):
    word2013-kb3114342-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: Use Add or Remove Programs item in Control Panel.
File information: See Microsoft Knowledge Base Article 3114342
Registry key verification: Not applicable

Microsoft Office 2013 RT (all editions)

Deployment: The 3114342 update for Microsoft Word 2013 RT is available through Windows Update.
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: Click Control Panel, click System and Security, and then click Windows Update. Under See also, click Installed updates, and then select from the list of updates.
File information: See Microsoft Knowledge Base Article 3114342

Microsoft Office 2016 (all editions)

Reference table
The following table contains the security update information for this software.
Security update file name:
  • For Microsoft Word 2016 (32-bit edition):
    word2016-kb3114382-fullfile-x86-glb.exe
  • For Microsoft Word 2016 (64-bit edition):
    word2016-kb3114382-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.
To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: Use Add or Remove Programs item in Control Panel.
File information: See Microsoft Knowledge Base Article 3114382
Registry key verification: Not applicable

Office for Mac 2011

Prerequisites
  • You must be running Mac OS X version 10.5.8 or a later version on an Intel processor.
  • Mac OS X user accounts must have administrator credentials to install this security update.
Installing the update
Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.5.8 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office for Mac 2011 14.5.8 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office for Mac 2011 14.5.8 Update volume window, double-click the Microsoft Office for Mac 2011 14.5.8 Update application, and then follow the instructions.
  4. When the installation is complete, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, drag the Microsoft Office for Mac 2011 14.5.8 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2011).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About <Application_Name> (where <Application_Name> is a placeholder that represents Word, Excel, PowerPoint, or Outlook).
If the Latest Installed Update Version number is 14.5.8, the update was successfully installed.

Restart requirement
This update doesn't require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Office 2016 for Mac

Prerequisites
  • Mac OS X Yosemite 10.10 or a later version on an Intel processor.
  • A valid Microsoft Office 365 subscription.
Installing the update
Download and install the appropriate language version of the Microsoft Office 2016 for Mac 15.16.0 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office 2016 for Mac 15.16.0 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office 2016 for Mac 15.16.0 Update volume window, double-click the Microsoft Office 2016 for Mac 15.16.0 Update application, and follow the instructions.
  4. When the installation finishes successfully, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, first drag the Microsoft Office 2016 for Mac 15.16.0 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2016).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About Application_Name (where Application_Name is Word, Excel, PowerPoint or Outlook).
If the Latest Installed Update Version number is 15.16.0, the update was successfully installed.

Restart requirement
This update doesn't require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
Properties

Article ID: 3116111 - Last Review: 12/11/2015 04:54:00 - Revision: 2.0

Word 2016, Microsoft Office 2013 Service Pack 1, Microsoft Office 2010 Service Pack 2, 2007 Microsoft Office Suite Service Pack 3, Microsoft Office Enterprise 2007, Microsoft Office Enterprise 2007 Home Use Program, Microsoft Office Professional 2007, Microsoft Office Standard 2007, Microsoft Office Home and Student 2007, Microsoft Office Small Business 2007, Microsoft Office Basic 2007, Microsoft Office Excel 2007, Microsoft Office Excel 2007 (Home and Student version), Microsoft Office Word 2007, Microsoft Office Word 2007 (Home and Student version), Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Excel Viewer 2007
