MS16-029: Security Update for Microsoft Office to Address Remote Code Execution: March 8, 2016

Summary
This security update resolves vulnerabilities in Microsoft Office. To learn more about the vulnerabilities, see Microsoft Security Bulletin MS16-029.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. These articles may contain known issue information.

Nonsecurity-related fixes and improvements that are included in this security update



  • Adds the Don't use HTML paragraph auto spacing option in Word 2013.
  • Adds support for add-in commands to Outlook 2013.
  • Updates startup information to better align with Cortana.
  • Updates startup information for all international languages to better align with Cortana.
  • Contains fixes for the following nonsecurity issues:

    • After you add a continuous section break to a document in Word 2013, a lastRenderedPageBreak object is added.
    • When you run VBA or an add-in to create multiple Word views on a document and manage the views in Word 2013, Word 2013 crashes.
    • Assume that you have a document that has combo box content controls that are linked to custom XML parts in a document in Word 2016. After you select a value in one of these controls and then do an undo and a save operation, the type setting of some content controls is changed from combo box to rich text, and it loses the mapping to the node in the custom XML part.
    • When you use a printer to print a document, and then you change to another printer programmatically in Word 2016, Word 2016 crashes.
    • When you save a document as a PDF file in Word 2016, the content is broken in the PDF file.
    • When you insert an online picture in a document in Word 2016, you receive an error message that states that the picture cannot be inserted from a temporary Internet file location. Additionally, Word 2016 crashes.
    • When you scroll HTML email messages in Outlook 2016 or Word 2016, Outlook 2016 or Word 2016 crashes.
    • It takes a long time to update a content control in the XML Mapping control in Word 2016. This update improves performance for content controls in Word 2016.
    • If the default input language is set to a language that is written by using Cyrillic characters, some keyboard shortcuts (for example, Ctrl+C and Ctrl+V) don't work in Word 2016.
    • The WindowBeforeRightClick event doesn't fire when you right-click in a document in Word 2016.
    • When you try to insert an HTML file as an object in a Microsoft Word 2016 document, you receive the following error message:
      The program used to create this object is html file. That program is either not installed on your computer or it is not responding. To edit this object, install html file or ensure that any dialog boxes in html file are closed.
    • If you step through code (for example, by using the Step Into function) in a document in Word 2016, Word 2016 crashes.
    • After you install updates for Word 2016, the Normal template (Normal.dotm) is renamed to Normal.dotm.old and a new Normal.dotm is created.
    • There's insufficient memory or disk space to repaginate or print document in Word 2016.
    • When you use ctx.trackedObjects.add() and you unload the apps without manually cleaning up the objects, Word 2016 automatically gracefully cleans up those objects before it unloads the apps.
    • The Do Not Forward business bar information string is cropped and is not fully displayed in some non-English versions of Outlook 2016.
    • A Universal Naming Convention (UNC) path that contains some full-width characters isn't resolved as a hyperlink in Word 2016.
    • After you add a continuous section break to a document in Word 2016, a lastRenderedPageBreak object is added.
    • If you use Visual Studio Tools for Office (VSTO) tools to run some code in a document in Word 2016, a user selection is lost in the document.
    • The Don't use HTML paragraph autospacing compatibility option is unavailable to convert files in Word 2016.
    • When you open an Outlook 2010 instance that has more than 30 calendars in a calendar view in a Citrix environment, Outlook 2010 crashes. To fix this issue, see KB3114809 for more information.
    • Appointments that start and end on different days are displayed as multiple meetings in the Month view in Outlook 2010.
    • When you view certain meeting cancelation email messages in the reading pane in Outlook 2013, Outlook 2013 crashes.
    • When you use a mouse to open a new all-day appointment in Outlook 2013, Outlook 2013 crashes.
    • When you try to set an account in Outlook 2016, Outlook 2016 takes longer than Outlook 2013 to collect autodiscover data for the account.
    • When you scroll through some items in a message list in Outlook 2016, Window-Eyes stops the screen reader from working for Outlook 2016.
More information

Security update deployment information

Microsoft Office 2007 (all editions) and other software

Reference table

The following table contains the security update information for this software.
Security update file name:
For Microsoft Office 2007 Service Pack 3:
otkruntimertl2007-kb2956110-fullfile-x86-glb.exe
For Microsoft InfoPath 2007 Service Pack 3:
infopath2007-kb3114426-fullfile-x86-glb.exe
For Microsoft Outlook 2007 Service Pack 3:
outlook2007-kb2880510-fullfile-x86-glb.exe
For Microsoft Word 2007 Service Pack 3:
word2007-kb3114901-fullfile-x86-glb.exe
For Microsoft Office Compatibility Pack:
wordconv2007-kb3114900-fullfile-x86-glb.exe
For Microsoft Word Viewer:
office-kb3114812-fullfile-enu.exe
Installation switches: See Microsoft Knowledge Base article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal information: Use the Add or Remove Programs item in Control Panel.
File information: See Microsoft Knowledge Base article 2880510
See Microsoft Knowledge Base article 2956110
See Microsoft Knowledge Base article 3114426
See Microsoft Knowledge Base article 3114812
See Microsoft Knowledge Base article 3114900
See Microsoft Knowledge Base article 3114901
Registry key verification: Not applicable

Microsoft Office 2010 (all editions)

Reference table

The following table contains the security update information for this software.
Security update file name:
For Microsoft Office 2010 Service Pack 2 (32-bit editions):
otkruntimertl2010-kb2956063-fullfile-x86-glb.exe
kb24286772010-kb3114873-fullfile-x86-glb.exe
For Microsoft Office 2010 Service Pack 2 (64-bit editions)
kb24286772010-kb3114873-fullfile-x64-glb.exe
For Microsoft InfoPath 2010 Service Pack 2 (32-bit editions)
infopath2010-kb3114414-fullfile-x86-glb.exe
For Microsoft InfoPath 2010 Service Pack 2 (64-bit editions)
infopath2010-kb3114414-fullfile-x64-glb.exe
For Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
outlookloc2010-kb3114883-fullfile-x86-glb.exe
For Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
outlookloc2010-kb3114883-fullfile-x64-glb.exe
For Microsoft Word 2010 Service Pack 2 (32-bit editions)
word2010-kb3114878-fullfile-x86-glb.exe
For Microsoft Word 2010 Service Pack 2 (64-bit editions)
word2010-kb3114878-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal information: Use the Add or Remove Programs item in Control Panel.
File information: See Microsoft Knowledge Base article 2956063
See Microsoft Knowledge Base article 3114414
See Microsoft Knowledge Base article 3114873
See Microsoft Knowledge Base article 3114878
See Microsoft Knowledge Base article 3114883
Registry key verification: Not applicable

Microsoft Office 2013 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name:
For supported editions of Microsoft Office 2013 (32-bit editions):
otkruntimertl2013-kb3039746-fullfile-x86-glb.exe
For supported editions of Microsoft InfoPath 2013 (32-bit editions)
infopath2013-kb3114833-fullfile-x86-glb.exe
For supported editions of Microsoft InfoPath 2013 (64-bit editions)
infopath2013-kb3114833-fullfile-x64-glb.exe
For supported editions of Microsoft Outlook 2013 (32-bit editions)
outlook2013-kb3114829-fullfile-x86-glb.exe
For supported editions of Microsoft Outlook 2013 (64-bit editions)
outlook2013-kb3114829-fullfile-x64-glb.exe
For supported editions of Microsoft Word 2013 (32-bit editions)
word2013-kb3114824-fullfile-x86-glb.exe
For supported editions of Microsoft Word 2013 (64-bit editions)
word2013-kb3114824-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal information: Use the Add or Remove Programs item in Control Panel.
File information: See Microsoft Knowledge Base article 3039746
See Microsoft Knowledge Base article 3114824
See Microsoft Knowledge Base article 3114829
See Microsoft Knowledge Base article 3114833
Registry key verification: Not applicable

Microsoft Office 2013 RT (all editions)

Deployment: The 3114829 update for Microsoft Outlook 2013 RT is available via Windows Update.
The 3114824 update for Microsoft Word 2013 RT is available via Windows Update.
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal information: Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File information: See Microsoft Knowledge Base article 3114824
See Microsoft Knowledge Base article 3114829

Microsoft Office 2016 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name:
For Microsoft Office 2016 (32-bit edition):
otkruntimertl2016-kb3114690-fullfile-x86-glb.exe
For Microsoft Outlook 2016 (32-bit edition):
outlook2016-kb3114861-fullfile-x86-glb.exe
For Microsoft Outlook 2016 (64-bit edition):
outlook2016-kb3114861-fullfile-x64-glb.exe
For Microsoft Word 2016 (32-bit edition):
word2016-kb3114855-fullfile-x86-glb.exe
For Microsoft Word 2016 (64-bit edition):
word2016-kb3114855-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.
Removal information: Use the Add or Remove Programs item in Control Panel.
File information: See Microsoft Knowledge Base article 3114690
See Microsoft Knowledge Base article 3114861
See Microsoft Knowledge Base article 3114855
Registry key verification: Not applicable

Microsoft Office Web Apps 2010 (all versions)

Reference table

The following table contains the security update information for this software.
Security update file name:
For Microsoft Office Web Apps 2010 Service Pack 2:
wac2010-kb3114880-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: This security update cannot be removed.
File Information: See Microsoft Knowledge Base Article 3114880
Registry key verification: Not applicable

Microsoft Office Web Apps 2013 (all versions)

Reference table

The following table contains the security update information for this software.

Security update file name:
For all supported editions of Microsoft Office Web Apps Server 2013 Service Pack 2:
wacserver2013-kb3114821-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information: This security update cannot be removed.
File Information: See Microsoft Knowledge Base Article 3114821
Registry key verification: Not applicable

Microsoft SharePoint Server 2010 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name:
For Word Automation Services on supported editions of Microsoft SharePoint Server 2010 Service Pack 2:
wdsrv2010-kb3114866-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: After you install this security update on all SharePoint servers, you must run the PSconfig tool to complete the installation process.

You may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Why you may be prompted to restart your computer after you install a security update on a Windows-based computer.
Removal information: This security update cannot be removed.
File Information: See Microsoft Knowledge Base Article 3114866
Registry key verification: Not applicable

Microsoft SharePoint Server 2013 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name:
For Word Automation Services on supported editions of Microsoft SharePoint Server 2013:
wdsrvloc2013-kb3114814-fullfile-x64-glb.exe
Installation switches: See Microsoft Knowledge Base Article 912203
Restart requirement: After you install this security update on all SharePoint servers, you must run the PSconfig tool to complete the installation process.

You may have to restart the computer after you install this security update.

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart, and a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Why you may be prompted to restart your computer after you install a security update on a Windows-based computer.
Removal information: This security update cannot be removed.
File Information: See Microsoft Knowledge Base Article 3114814
Registry key verification: Not applicable

Office for Mac 2011

Prerequisites
  • You must be running Mac OS X version 10.5.8 or a later version on an Intel processor.
  • Mac OS X user accounts must have administrator credentials to install this security update.
Installing the update
Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.6.2 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office for Mac 2011 14.6.2 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office for Mac 2011 14.6.2 Update volume window, double-click the Microsoft Office for Mac 2011 14.6.2 Update application, and then follow the instructions.
  4. When the installation is complete, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, drag the Microsoft Office for Mac 2011 14.6.2 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2011).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About <Application_Name> (where <Application_Name> is a placeholder that represents Word, Excel, PowerPoint, or Outlook).
If the Latest Installed Update Version number is 14.6.2, the update was successfully installed.

Restart requirement
This update doesn't require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

Office 2016 for Mac

Prerequisites
  • Mac OS X Yosemite 10.10 or a later version on an Intel processor.
  • A valid Microsoft Office 365 subscription.
Installing the update
Download and install the appropriate language version of the Microsoft Office 2016 for Mac 15.20.0 Update from the Microsoft Download Center. Then, follow these steps:
  1. Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.
  2. Open the Microsoft Office 2016 for Mac 15.20.0 Update volume on your desktop. This step might have been performed for you.
  3. To start the update process, in the Microsoft Office 2016 for Mac 15.20.0 Update volume window, double-click the Microsoft Office 2016 for Mac 15.20.0 Update application, and follow the instructions.
  4. When the installation finishes successfully, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the "Verifying update installation" section. To remove the update installer, first drag the Microsoft Office 2016 for Mac 15.20.0 Update volume to the Trash, and then drag the file that you downloaded to the Trash.
Verifying update installation
To verify that a security update is installed on an affected system, follow these steps:
  1. In Finder, locate the Application Folder (Microsoft Office 2016).
  2. Select Word, Excel, PowerPoint, or Outlook, and start the application.
  3. On the application menu, click About Application_Name (where Application_Name is Word, Excel, PowerPoint or Outlook).
If the Latest Installed Update Version number is 15.20.0, the update was successfully installed.

Restart requirement
This update doesn't require you to restart your computer.

Removing the update
This security update cannot be uninstalled.

More information
If you have technical questions or problems with downloading or using this update, see Microsoft for Mac Support to learn about the support options that are available to you.

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Properties

Article ID: 3141806 - Last Review: 03/17/2016 06:45:00 - Revision: 3.0

Microsoft Office Home and Business 2016, Microsoft Office Home and Student 2016, Microsoft Office Personal 2016, Microsoft Office Professional 2016, Microsoft Office Professional Plus 2016, Microsoft Office Standard 2016, Word 2016, Microsoft InfoPath 2013, Microsoft Office 2013 Service Pack 1, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft Word 2013, Microsoft InfoPath 2010, Microsoft Office 2010 Service Pack 2, Microsoft SharePoint Server 2010 Service Pack 2, Microsoft Word 2010, 2007 Microsoft Office Suite Service Pack 3, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Microsoft Office InfoPath 2007, Microsoft Office Outlook 2007, Microsoft Office Word 2007, Microsoft Office Word 2007 (Home and Student version), Microsoft Office Web Apps Service Pack 2, Word Viewer, Microsoft Outlook 2010, Microsoft Outlook 2013, Outlook 2016
