MS15-097: Vulnerabilities in the Microsoft graphics component could allow remote code execution: September 8, 2015

Summary

This security update resolves vulnerabilities in Windows, Microsoft Office, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-097.

More Information

Important

  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update


The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

  • 2910994 MS15-097: Description of the security update for Skype for Business 2016: September 30, 2015

  • 3086255 MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015

  • 3087039 MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015

  • 3087135 MS15-097: Description of the security update for the graphics component in Windows Vista and Windows Server 2008: September 8, 2015

  • 3085546 MS15-097: Description of the security update for the 2007 Microsoft Office Suite: September 8, 2015

  • 3085529 MS15-097: Description of the security update for Office 2010: September 8, 2015

  • 3085500 MS15-097: Description of the security update for Microsoft Lync 2013 (Skype for Business): September 8, 2015


    Known issues in security update 3085500:

    3099414 You can't record after you install MS15-097 for Lync 2013 (Skype for Business)

  • 3081087 MS15-097: Description of the security update for Lync 2010: September 8, 2015

  • 3081088 MS15-097: Description of the security update for Lync 2010 Attendee (user-level installation): September 8, 2015

  • 3081089 MS15-097: Description of the security update for Lync 2010 Attendee (administrator-level installation): September 8, 2015

  • 3081090 MS15-097: Description of the security update for Live Meeting Console: September 8, 2015

  • 3081091 MS15-097: Description of the security update for Live Meeting Conferencing Add-in: September 8, 2015

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

Note For Windows RT and Windows RT 8.1, this update is available through Windows Update only.

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS15-097 that corresponds to the version of Windows that you are running.

More Information

Windows Vista (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Vista:
Windows6.0-KB3087039-x86.msu
Windows6.0-KB3087135-x86.msu

For all supported x64-based editions of Windows Vista:
Windows6.0-KB3087039-x64.msu
Windows6.0-KB3087135-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3045171

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3087039-x86.msu
Windows6.0-KB3087135-x86.msu

For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3087039-x64.msu
Windows6.0-KB3087135-x64.msu

For all supported Itanium-based editions of Windows Server 2008:
Windows6.0-KB3087039-ia64.msu
Windows6.0-KB3087135-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3045171

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 7 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 7:
Windows6.1-KB3087039-x86.msu

For all supported x64-based editions of Windows 7:
Windows6.1-KB3087039-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3045171

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3087039-x64.msu

For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3087039-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3045171

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 8:
Windows8-RT-KB3087039-x86.msu

For all supported x64-based editions of Windows 8:
Windows8-RT-KB3087039-x64.msu

For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3087039-x86.msu

For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3087039-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3045171

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:
Windows8-RT-KB3087039-x64.msu

For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3087039-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3045171

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows RT and Windows RT 8.1 (all editions)Reference Table

The following table contains the security update information for this software.

Deployment

These updates are available via Windows Update only.

Restart Requirement

Yes, you must restart your system after you apply this security update.

Removal Information

Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File Information

See Microsoft Knowledge Base Article 3045171

Windows 10 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 10:
KB3081455 -Win10-RTM-X86-TSL.msu

For all supported x64-based editions of Windows 10:
KB3081455 -Win10-RTM-X64-TSL.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates, and select from the list of updates.

File information

See Microsoft Knowledge Base Article 3081091

Registry key verification

Registry keys do not exist to validate the presence of these updates.

Microsoft Office 2007 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Microsoft Office 2007:
ogl2007-kb3085546-fullfile-x86-glb.exe

Installation switches

See Microsoft Knowledge Base Article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base Article 3085546

Registry key verification

Not applicable

Microsoft Office 2010 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Microsoft Office 2010 (32-bit editions):
ogl2010-kb3085529-fullfile-x86-glb.exe

For all supported editions of Microsoft Office 2010 (64-bit editions):
ogl2010-kb3085529-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base Article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base Article 3085529

Registry key verification

Not applicable

Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), Microsoft Lync Basic 2013 (Skype for Business Basic), and Skype for Business 2016
Reference Table

The following table contains the security update information for this software.

Security update file name

For Microsoft Live Meeting 2007 Console (3081090):
LMSetup.exe

For Microsoft Lync 2010 (32-bit) (3081087):
lync.msp

For Microsoft Lync 2010 (64-bit) (3081087):
lync.msp

For Microsoft Lync 2010 Attendee (user level install) (3081088):
AttendeeUser.msp

For Microsoft Lync 2010 Attendee (admin level install) (3081089):
AttendeeAdmin.msp

For all supported editions of Microsoft Lync 2013 (Skype for Business) (32-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (32-bit):
lync2013-kb3085500-fullfile-x86-glb.exe

For all supported editions of Microsoft Lync 2013 (Skype for Business) (64-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (64-bit):
lync2013-kb3085500-fullfile-x64-glb.exe

For Skype for Business 2016 (32-bit editions):
lync2016-kb2910994-fullfile-x86-glb.exe

For Skype for Business 2016 (64-bit editions):
lync2016-kb2910994-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base Article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal Information

Use Add or Remove Programs item in Control Panel.

File Information

For Microsoft Live Meeting 2007 Console:
See Microsoft Knowledge Base Article 3081090

For all supported editions of Microsoft Lync 2010:
See Microsoft Knowledge Base Article 3081087

For Microsoft Lync 2010 Attendee (user level install):
See Microsoft Knowledge Base Article 3081088

For Microsoft Lync 2010 Attendee (admin level install):
See Microsoft Knowledge Base Article 3081089

For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic):
See Microsoft Knowledge Base Article 3085500

For Skype for Business 2016:
See Microsoft Knowledge Base Article 2910994

Registry Key Verification

For Microsoft Live Meeting 2007 Console:
Not applicable

For Microsoft Lync 2010 (32-bit):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4478

For Microsoft Lync 2010 (64-bit):
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4478

For Microsoft Lync 2010 Attendee (admin level install):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577.4478

For Microsoft Lync 2010 Attendee (user level install):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22}
Version = 7577.4478

For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic):
Not applicable

For Skype for Business 2016:

Not applicable


File name

SHA1 hash

SHA256 hash

lync.exe (x64)

FF5F11E2F1ECD9847F397B08FA12CC6D09507B46

F417E550187925642CE0DB5DE1ACF41B75D9C32E5386D96B0F484CD04241E547

lync.exe (x86)

CA324F246939D5DCF99BC1FC0C6E8AC70D54DE2E

D074B515DC43F78EC5AC42C68BAFBE0E57DFEDA48ADF7C6C725BC615D873322C

AttendeeAdmin.msp

6D0A6BBD161E956C60474F7331F8DC991916D8F4

DE3E353FE6A44E4CB187A2D5D954B017F7330D8B3514D13BF774D387CEF4B308

AttendeeUser.msp

127B8CB80DA59F951C642A904657B13294EF47FB

4BE75AFB7A64203869061F9EB8848D6985E58FDB3BF27EA101976F332CD31CD2

ConfAddins_Setup_x64.exe

046CD78DB54A0C567F94550C303718EB79D8E962

8092F771E27E59852A913ECEFEC4B9BABDA62D6BB96699661678749EC512770F

ConfAddins_Setup_x86.exe

091C0ADFEA56715E2AD29C8EC590423F0BDCFDA4

430FF247838599CBDC7215CE6AC2FD0CBDFC1D603C489C4795B0571F242B9C35

LMSetup.exe

95A4736FE7B3CB59DCEEE52462E563FA049ECA18

26CE4BB7F01AB938E89FE230ED2AFDA26E265360B971716E661822CAC52CD0EA

Lync_x64.msp

B3158DAA903A2B2422CBDED0E362998BF5E36F0F

12B86A62BF609398686A103CE297A0592EB334A6CBB6A41EC193E629DF6D68A2

Lync_x86.msp

8335902DB69204BB66EB408348607EB7EC3A09E4

E4BB57996C78AA02AB519D3BB85C29AC82AD79655BA71E780E6413133B171B8B

lync2013-kb3085500-fullfile-x64-glb.exe

B4EAF60A666306CF800CB63502BCCB86E03896C4

CDBDEF88A99D24690EFAA7DE514E5CC8D6AACFF19A08E43D6615EF92C8C0052A

lync2013-kb3085500-fullfile-x86-glb.exe

9FC79523CDEB6942C14B2707A90DCD1A14774FEB

BCC2B7A59C282D20A846F13A44BF01F5EC30B94BFB52CA493F29E8DA3AEAD9E1

ogl2007-kb3085546-fullfile-x86-glb.exe

44A7783A16E7CF7C144D3FCCDA18985B19EF040B

B851075C8951AD6F90BC43A4EE7FC0B0B9C6087D74936EE78B3F4E93CF900F6B

ogl2010-kb3085529-fullfile-x64-glb.exe

D7BC27F9F6D1F2A4C13D81EAA253F2A97A1ECBF2

535DE61D75A1D967EF927CA614AF48F9AB1A740E2A5E5C00791261F9ACBFDE08

ogl2010-kb3085529-fullfile-x86-glb.exe

6FC8B148094DB800D3A0C97ED791D0EC5CA9EE47

433D4B8E98197589330ECDBF6810520C1C627CDAF585B5563BFE25AF3397A288

Windows6.0-KB3087039-ia64.msu

8F36FF2772342D8D4E14A44C1B58BE921CDCBC8C

8758E713D9D514E68BF2B752A76CFD29873BE78DF927005BB3F192D123FBB8F5

Windows6.0-KB3087039-x64.msu

3E8C363D5443E350175570C05CA235911C5230D6

AAB19ADAF4BD94AB730ED5E43F86F412E1EE61B06762E2E3245C0D11639E552F

Windows6.0-KB3087039-x86.msu

713236A1DF235EB0A293BA9909A8842CA2F79C0B

85F8E4F5182D68A230CFA41BEF2751482E281A28A3EE5B4D34DBCEC07122ACE3

Windows6.0-KB3087135-ia64.msu

4ADBFF498853C8D6E6AE762E111E19B3F03AE29E

7873293F9ACEAC438D6F728BC5330776793D6B6A033090FA278EEC03C1E71811

Windows6.0-KB3087135-x64.msu

ED5D03BA983A7DB39E0CAFDDE4E534D1374C0575

AD76C99F4DFE28866D70F4347C126B5B105004DA105C9B54060F8BA3DA3759D1

Windows6.0-KB3087135-x86.msu

A10F423A7322C3A95DFBE6AF35AC3295B265E15B

B46B26251DF06203E8B82261664512B9C14498BD41037B7B611ADD0D19DF1119

Windows6.1-KB3087039-ia64.msu

7DFB1638064AA5BE66C81094F3FDFCC5234581F9

59AB9DA2BDECC7BF52F46BE0B62EEA41B70AFFBCFA147EC21E3B2F6158BDB161

Windows6.1-KB3087039-x64.msu

84E034E020F101D36398C0AD70813BDB8FE3A84C

16965BF8F99EA956E0B0D70009342F9713ADF32AAB87B97A358670C07F14EC2D

Windows6.1-KB3087039-x86.msu

6B7052D39CBB7AA4CE8EB4C14D833B08080ACC15

0C89018F35B8DCCFE3C0F6563F82F39FA282DE96D5C4B0A75B64162F13F3053E

Windows8.1-KB3087039-arm.msu

219CA9917C0BA4FD2DC5A69ADD822E872E2F296C

06625E8872A438B4E6A7A944CC1E529AD080030879A102545177EF9F26A85AB9

Windows8.1-KB3087039-x64.msu

4508EE0F43205300494BAFC69A1ADC472D7370CE

377CD16A8376411874B4F2E1B24A38E7771C53B2C0A71514D61E25F50C48BDE6

Windows8.1-KB3087039-x86.msu

9CBAA6974A4E404C235F0A7F55B80D60A38CF78C

E78C18974E7EA303B4825CA24A6CDBE7D2BC06004C946915217776369D85DD6D

Windows8-RT-KB3087039-arm.msu

CC0E460E4511EAA68266D9EBD7546924F2D872C5

A03A3782CF6BF49629B5CFDEDFA32D2A5EAA6EDB8812899A8169665BDAEF76CA

Windows8-RT-KB3087039-x64.msu

AE850C9EB9BF6306DD7941A181557E2A4B4C9BBC

9F1B486D8B0B5A24FBFAC157AEE5949017F44F75FD5BB5EA16611F34EFDB09CB

Windows8-RT-KB3087039-x86.msu

A1496FA1E05826E65A7C13CC95656E5E06266AFA

34AD992D8304E8CC363D87EEFE775D262051E6E0A588384B22D764AE73705553


Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×