MS16-015: Security Update for Microsoft Office to Address Remote Code Execution: February 9, 2016

Summary
This security update resolves vulnerabilities in Microsoft Office. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS16-015.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. These articles may contain known issue information.

Nonsecurity-related fixes and improvements that are included in this security update

  • Adds telemetry that will help find the root cause of why rendering can stop working when the system is running low on memory.
  • Enables an add-in developer to receive a list of API requirement sets.
  • Includes translations for several terms in multiple languages to improve accuracy of meaning.
  • Makes sure that the calls to the Word API between client and servers are consistent. For example, if you insert a paragraph into a document, the reference ID is consistent between client and servers.
  • Enables an add-in developer to receive a list of API requirement sets.
  • Translates some functionalities in multiple languages for the accuracy of meaning and to avoid duplication.
  • Includes translations for several terms in multiple languages to improve the accuracy of meaning.
  • Contains fixes for the following nonsecurity issues:
    • OneNote 2010 may fail to synchronize a notebook that's shared with OneNote 2016 and you receive the error 0xE00001C5.
    • An Office add-in that overrides the default functionalities, such as copy or paste, and uses a delay loading can't be loaded in Office 2010 applications.
    • When you try to use the Save As function to save a document to a WebDAV server in an Office 2010 application, the Office 2010 application may crash. This issue occurs after you install October 13, 2015, update for Office 2010 (KB3055034) or later.
    • When you scroll HTML email messages in Outlook 2013 or Word 2013, Outlook 2013 or Word 2013 may stop responding.
    • If you step through codes (for example, use the Step Into function) in a document in Word 2013, Word 2013 may crash.
    • If you use Visual Studio Tools for Office (VSTO) tools to run some code in a document in Word 2013, a user selection is lost in the document.
    • When Office add-ins communicates with Word 2013, Word 2013 may go to sleep if there's no UI action and stop responding to add-ins.
    • If document uses some East Asian fonts, quotation marks might clash with neighboring characters.
    • Screen readers can't read document types in a document library.
    • When you insert multicolumn, multi-row, or text to a new SharePoint page, an additional column is created and text is shifted incorrectly.
    • Screen readers can't read or access information panels in SharePoint Server 2013.
    • You can't define a default value for a person or group field of a document set. The value should appear whenever a new item is created.
    • If the claim map cache fills up in SharePoint Server 2013, a race condition is created that causes poor user experience.
    • After you delete a SharePoint group from a site, certain SQL database may be locked. This causes farm availability issues.
    • Assume that you apply a SharePoint theme to a subsite. When you add an app to the subsite, the theme isn't applied to the app correctly.
    • If you start a crawl of a content source, the Mssearch.exe process causes high CPU usage.
    • If you apply more than one filter to a subtask, the parent task is filtered out and is no longer displayed.
    • Assume that you create a page on a site that has the SharePoint Server Publishing feature enabled. When you preview the page URL, hyphens are displayed in the URL instead of spaces.
    • The storage size of a site collection is decreased more than the original value during deletion of recycle bin items.
    • When you try to check in a file in a list but not in a document library, you receive the following error message:
      The object specified does not belong to a list.
    • After you install MS16-004: Description of the security update for SharePoint Foundation 2013: January 12, 2016, you can't view items in custom lists. Meanwhile, you receive the following error message:
      TypeError: Unable to get property 'replace' of undefined or null reference.
    • You can copy or save images of an IRM protected document in an Office Web App in Safari unexpectedly.
    • After you save a workbook that contains a link to an Excel Add-in to an OneDrive for Business folder, the link to the Excel Add-in may be broken.
    • When you use Excel 2016 to open a custom .xls file that isn't created in Excel, Excel 2016 may crash.
    • When Office add-ins communicates with Word 2016, Word 2016 may go to sleep if there's no UI action and stop responding to add-ins.
    • Assume that you save a document by using the Save As function in Word 2016. When you open the new document, the path of the linked document in the new document is changed unexpectedly.
    • Real Time Collaboration in Word 2016 could result in additional unnecessary locks on newly inserted paragraphs.
    • Incorrect output on paragraphs that have locks when Word 2016 merges a local document copy with changes on the server during Real Time Collaboration causes potential data duplication.
    • When you start a crawl for some content that has some links, the crawl fails because of the large number of links. After multiple failures, the content is deleted unexpectedly. After this update, you can set a maximum number of links to be sent to the index.
    • After you restore host header named site collections in SharePoint Server 2013, the site URLs of nondefault zones don't take the site URL configuration of the destination web application into account.
    • When you create a Visual Studio workflow and use the WaitForItemEvent activity against an item, the item ID is ignored.
    • It takes a long time to remove a column filter for a large table in Excel 2013. This issue occurs in Windows 8 or Windows 8.1 that has Narrator enabled, or on a Windows 10 touch-enabled device.
    • After you save a workbook that contains a link to an Excel Add-in to an OneDrive for Business folder, the link to the Excel add-in may be broken.
    • When you change a PivotTable filter in Excel 2013, you receive the following false error message:
      Operation cancelled by user.
    • If you open and close an add-in from a network location by using VBA in Excel 2013, the add-in may be deleted.
    • After you migrate from classic-mode to claims-based authentication in SharePoint Server 2013, you can't access the document author property. Meanwhile, the User Not Found exception is displayed.
More information

Security update deployment information

The 2007 Microsoft Office system (all editions) and other software

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2007 Service Pack 3:
mso2007-kb3114742-fullfile-x86-glb.exe
For Microsoft Excel 2007 Service Pack 3:
excel2007-kb3114741-fullfile-x86-glb.exe
For Microsoft Word 2007 Service Pack 3:
word2007-kb3114748-fullfile-x86-glb.exe
For Microsoft Excel Viewer:

xlview2007-kb3114747-fullfile-x86-glb.exe
For Microsoft Word Viewer:
office-kb3114773-fullfile-enu.exe
For Microsoft Office Compatibility Pack:
wordconv2007-kb3114548-fullfile-x86-glb.exe
xlconv2007-kb3114745-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2010 (all editions)

Reference table
The following table contains the security update information for this software.

Security update file nameFor Microsoft Office 2010 Service Pack 2 (32-bit editions):
kb24286772010-kb3114752-fullfile-x86-glb.exe
For Microsoft Office 2010 Service Pack 2 (64-bit editions)
kb24286772010-kb3114752-fullfile-x64-glb.exe
For Microsoft Excel 2010 Service Pack 2 (32-bit editions)
excel2010-kb3114759-fullfile-x86-glb.exe
For Microsoft Excel 2010 Service Pack 2 (64-bit editions)
excel2010-kb3114759-fullfile-x64-glb.exe
For Microsoft Word 2010 Service Pack 2 (32-bit editions)
word2010-kb3114755-fullfile-x86-glb.exe
For Microsoft Word 2010 Service Pack 2 (64-bit editions)
word2010-kb3114755-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2013 (all editions)

Reference table
The following table contains the security update information for this software.

Security update file nameFor supported editions of Microsoft Excel 2013 (32-bit editions)
excel2013-kb3114734-fullfile-x86-glb.exe
For supported editions of Microsoft Excel 2013 (64-bit editions)
excel2013-kb3114734-fullfile-x64-glb.exe
For supported editions of Microsoft Word 2013 (32-bit editions)
word2013-kb3114724-fullfile-x86-glb.exe
For supported editions of Microsoft Word 2013 (64-bit editions)
word2013-kb3114724-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2013 RT (all editions)

DeploymentThe 3114734 update for Microsoft Excel 2013 RT is available via Windows Update.
The 3114724 update for Microsoft Word 2013 RT is available via Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee the file information section

Microsoft Office 2016 (all editions)

Reference table
The following table contains the security update information for this software.

Security update file nameFor Microsoft Excel 2016 (32-bit edition):
excel2016-kb3114698-fullfile-x86-glb.exe
For Microsoft Excel 2016 (64-bit edition):
excel2016-kb3114698-fullfile-x64-glb.exe
For Microsoft Word 2016 (32-bit edition):
word2016-kb3114702-fullfile-x86-glb.exe
For Microsoft Word 2016 (64-bit edition):
word2016-kb3114702-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base article 3101512
Registry key verificationNot applicable

Microsoft Office Web Apps 2010 (all versions)

Reference table
The following table contains the security update information for this software.

Security update file nameFor all supported editions of Excel Services on Microsoft SharePoint Server 2010 Service Pack 2:
xlsrv2010-kb3114401-fullfile-x64-glb.exe
For all supported editions of Microsoft Office Web Apps 2010 Service Pack 2:
wac2010-kb3114407-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft Office Web Apps 2013 (all versions)

Reference table
The following table contains the security update information for this software.

Security update file nameFor all supported editions of Microsoft Office Web Apps Server 2013 Service Pack 2:
wacserver2013-kb3114338-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft SharePoint Server 2007 (all editions) and Windows SharePoint Services 3.0 (all version)

Reference table
The following table contains the security update information for this software.

Security update file nameFor Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions):
xlsrvapp2007-kb3114432-fullfile-x86-glb.exe
For Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions):
xlsrvapp2007-kb3114432-fullfile-x64-glb.ex
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementYou may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart the computer.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.

See Why you may be prompted to restart your computer after you install a security update on a Windows-based computer for more information.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft SharePoint Server 2013 (all editions) and SharePoint Foundation 2013 (all versions)

NoteAfter you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation process. For more information about how to use the PSconfig tool, see the following TechNet topic:

http://technet.microsoft.com/en-us/library/hh285624.aspx
Reference table
The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft SharePoint Server 2013:
wasrvloc2013-kb3039768-fullfile-x64-glb.exe
For supported editions of Microsoft SharePoint Foundation 2013:
sts2013-kb3114733-fullfile-x64-glb.exe
For Excel Services on supported editions of Microsoft SharePoint Server 2013:
xlsrvloc2013-kb3114335-fullfile-x64-glb.exe
For Word Automation Services on supported editions of Microsoft SharePoint Server 2013:
wdsrvloc2013-kb3114481-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base article 912203
Restart requirementYou may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart the computer.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install this security update.

See Why you may be prompted to restart your computer after you install a security update on a Windows-based computer for more information.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Office for Mac 2011

Prerequisites
  • You must be running Mac OS X version 10.5.8 or a later version on an Intel processor.
  • Mac OS X user accounts must have administrator credentials to install this security update.
Installing the update
Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.6.1 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office for Mac 2011 14.6.1 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office for Mac 2011 14.6.1 Update volume window, double-click the Microsoft Office for Mac 2011 14.6.1 Update application, and then follow the instructions.
  4. When the installation is complete, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, drag the Microsoft Office for Mac 2011 14.6.1 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2011).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About <Application_Name> (where <Application_Name> is a placeholder that represents Word, Excel, PowerPoint, or Outlook).
If the Latest Installed Update Version number is 14.6.1, the update was successfully installed.

Restart requirement
This update doesn't require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Office 2016 for Mac

Prerequisites
  • Mac OS X Yosemite 10.10 or a later version on an Intel processor.
  • A valid Microsoft Office 365 subscription.
Installing the update
Download and install the appropriate language version of the Microsoft Office 2016 for Mac 15.19.1 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office 2016 for Mac 15.19.1 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office 2016 for Mac 15.19.1 Update volume window, double-click the Microsoft Office 2016 for Mac 15.19.1 Update application, and follow the instructions.
  4. When the installation finishes successfully, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, first drag the Microsoft Office 2016 for Mac 15.19.1 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2016).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About Application_Name (where Application_Name is Word, Excel, PowerPoint or Outlook).
If the Latest Installed Update Version number is 15.19.1, the update was successfully installed.

Restart requirement
This update doesn't require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 3134226 - Last Review: 02/17/2016 06:23:00 - Revision: 2.1

Excel 2016, Word 2016, Excel Services in SharePoint Server 2013, Microsoft Excel 2013, Microsoft Office 2013 Service Pack 1, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft Word 2013, Excel Services in Microsoft SharePoint Server 2010, Microsoft Excel 2010, Microsoft Office 2010 Service Pack 2, Microsoft SharePoint Server 2010 Service Pack 2, Microsoft Word 2010, 2007 Microsoft Office Suite Service Pack 3, Excel Services in Microsoft Office SharePoint Server 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office Excel 2007, Microsoft Office Excel 2007 (Home and Student version), Microsoft Office Excel Viewer 2007, Microsoft Office SharePoint Server 2007, Microsoft Office Word 2007, Microsoft Office Word 2007 (Home and Student version), Microsoft Excel Web App, Microsoft Office Web Apps Service Pack 2, Word Viewer, Microsoft Office for Mac Academic 2011, Microsoft Office for Mac Home and Business 2011, Microsoft Office for Mac Home and Business 2011 Home Use Program, Microsoft Office for Mac Home and Student 2011, Microsoft Office for Mac Standard 2011, Microsoft Office 2016 for Mac

  • kbexpertiseinter kbsecurity kbsecbulletin kbsecvulnerability kbbug kblist kbfix kbsurveynew KB3134226
Feedback