MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: April 8, 2014

Introduction

This update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.

Summary

Microsoft has released security bulletin MS14-017. Learn more about how to obtain the fixes included in this security bulletin:

To have us fix this problem for you, go to the "Fix it for me" section.

Fix it for me

The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, go to the following Microsoft Security Advisory webpage:

https://technet.microsoft.com/security/advisory/2953095 The advisory provides more information about the issue. This includes the following:

  • The scenarios in which you might apply or disable the workaround.

  • How to manually apply the workaround.

Specifically, to see this information, expand the Suggested actions section, and then expand the Workarounds section.


To enable or disable this Fix it solution, click the Fix it button or link under the Enable this fix it heading or under the Disable this fix it heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

Disable opening RTF content in Microsoft Word

Enable this fix it

Disable this fix it

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.

  • 2878303 MS14-017: Description of the security update for Word 2003: April 8, 2014

    The following are the known issues in security update 2878303. For more information about these known issues, see security update 2878303.


  • 2878237 MS14-017: Description of the security update for Word 2007: April 8, 2014

  • 2863926 MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014

  • 2863919 MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014

  • 2863910 MS14-017: Description of the security update for Office 2013 and Office 2013 RT: April 8, 2014

  • 2939132 MS14-017: Description of the Microsoft Office for Mac 2011 14.4.1 Update: April 8, 2014

  • 2878304 MS14-017: Description of the security update for Word Viewer: April 8, 2014

  • 2878236 MS14-017: Description of the security update for the Office Compatibility Pack: April 8, 2014

  • 2863907 MS14-017: Description of the security update for Word Automation Services in Microsoft SharePoint Server 2013: April 8, 2014

  • 2878220 MS14-017: Description of the security update for Word Automation Services in SharePoint Server 2010: April 8, 2014

  • 2878221 MS14-017: Description of the security update for Word Web Apps: April 8, 2014

  • 2878219 MS14-017: Description of the security update for Office Web Apps Server 2013: April 8, 2014

    The following are the known issues in security update 2878219. For more information about these known issues, see security update 2878219.

    • This security update may fail to install on a computer that is running Microsoft Web Apps Server 2013 if the computer also has Office 2013 Service Pack 1 (SP1) installed. Microsoft is researching this problem. We will post more information in this article when the information becomes available.

File name

SHA1 hash

SHA256 hash

kb2428677-x-none.cab

84F6286DF13E6B93A9705B5F91152F55C225024D

2FD499117A530D8B26413AB45FFB7ECFD8F2BEFFB5B9D58E550899C12F704232

kb24286772010-kb2863919-fullfile-x64-glb.exe

40043FEEC9F89695C22927074883AA9D381D8B39

D73A6AED2A72C40AD1ED9CB9904A18856C50629B29AC074056219FF1C2C0CA29

kb24286772010-kb2863919-fullfile-x86-glb.exe

955AB046A3267D26D405B139FDAD0F1C4B015158

0B5929C95F44FB4540D64BE371D391E2EEFB861CE7FF740292983368EBF9FB1F

office-kb2878304-fullfile-enu.exe

698AE4AC7B43760FE18D306CDED55DE90DF8E579

F974DD24FCA3021B79908DB6BD27FD8C3E0E844631D2E2F8A0BEBC7020F854BE

office2003-kb2878303-fullfile-enu.exe

D3B434449A65F57B171520432F22A7D8FBB28E30

B1996F28AE06263FDFECD5727FB5F57DD08DB2AE0212AD1330E509D1AC8BA089

wac2010-kb2878221-fullfile-x64-glb.exe

DBE134930FC06C61C60BDA1C7CAF99933CE817D8

9A582D40F4D92C6BE2A2B88D1575524257C3ABADC9DDB6EEE54FECDF4E2D7D12

wacserver2013-kb2878219-fullfile-x64-glb.com

1C2A41EF7BD7A488F5B6B59D587CA3854B505107

BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482

wacwfe-x-none.cab

6BC849AEB392C26A780D6F18235202A0F1635C78

C44397B6B305B325056D0904FAA862336EFEB433E36642AAE78825B2C4EF75B4

wdsrv-x-none.cab

339197E759CB1EC8433C0779C1106190EE6E6C9A

1A6A639F619B8AC89968A71D86E9683C9DBEFE81E1FD0051BEFC6073CE60CAA6

wdsrv2010-kb2878220-fullfile-x64-glb.exe

95B5D9D062AA3056DD5DAD2D8DB35F5017D830BD

9A7EDBD94A36E8EEC7A10383E854156335583F25C79BA406FD6292EE1C625DD0

wdsrv2013-kb2863907-fullfile-x64-glb.com

1C2A41EF7BD7A488F5B6B59D587CA3854B505107

BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482

winword.cab

279A31F2376C3660950C7F06510B46D3C498A71E

FB5B84337FEA9045F7E880D651DB5306B3AE79B611E01AB934305AB8F205236C

word-x-none.cab

4BD19FF8CA9D05E388F1EAB8419FE16927B72BE7

FCD67C549C83EE9E44685247D96358EE0B601541B3D92C72728FB3D0E1F3FBD6

word2007-kb2878237-fullfile-x86-glb.exe

09EBD8FBC87C1BEE1D0A225049CF05A39F56AD42

A75A5D26795C6508B7ADD79BDC9C679FABAC7C4A7D6F44C493831C087E79B025

word2010-kb2863926-fullfile-x64-glb.exe

2DEB6470A7BB6D3ACAAA245CBD32E90E211501D0

5D0AC2F18A8E9C28113DD4BB39DE6EDB9788ADBB4EE457C5A2110D95A8EBD7CF

word2010-kb2863926-fullfile-x86-glb.exe

4443EE157D41A1D1B607DA9A5DB7460AB10E0268

614BF3CB0865196712688809E49A822F38CD3A0FDA54F4128D4A26A8CD1B28B5

word2013-kb2863910-fullfile-x86-glb.com

87BA717A5AF4DF194A9BAE62896803DE1F1ECB41

6EEAAC3E286489D7B2BD8BB55C47A68B60FEE7A18D029D0D0765F592182BB201

wordconv-x-none.cab

2FBC7FA50DB766AB345E51CAE28B807B2DD2893C

574CE7400C9C639E66D72F05DA9EFBAA242CA71DF633FB9DF434B6341E754B9D

wordconv2007-kb2878236-fullfile-x86-glb.exe

F73D78151781E07B86F9124FDF590FD42CC7041D

94DC02B8337FBACFC955A5C3E579073E36B7A899E4120323751D0C08476E5524

wordview.cab

B530CBB154E5F51101912C61024EBE98996B578C

B8F30F3401765973AEEB761BC65EFEC9817675D4E1AE2E0D3F1649E41F1E7B2E


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×