Introduction

This security update resolves a vulnerability that could allow remote code execution or security feature bypass if a specially crafted file is opened in an affected edition of Microsoft Office.

Summary

Microsoft has released security bulletin MS14-082. Learn more about how to obtain the fixes that are included in this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft UpdateSecurity solutions for IT professionals: TechNet Security Troubleshooting and SupportHelp protect your computer that is running Windows from viruses and malware: Virus Solution and Security CenterLocal support according to your country: International Support

More Information

Known issues and additional information about this security update

Known issues with this security update

  • After you install this security update, you may receive an error message that resembles any of the following when you insert a Forms ActiveX control (forms3) into an Office document, or when you edit the properties of a control:

    Visio cannot insert this control because its TypeInfo did not merge correctly. Ensure all parameter types are VBA friendly. Delete TEMP *.exd file if necessary.

    Object library invalid or contains references to object definitions that could not be found.

    OR

    Cannot insert object.

    OR

    The program used to create this object is Forms. That program is either not installed on your computer or it is not responding. To edit this object, install Forms or ensure that any dialog boxes in Forms are closed.

    Note In this error message, the Forms text may also be replaced by the GUID of the control.

For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base:

3025036 "Cannot insert object" error in an ActiveX custom Office solution after you install the MS14-082 security update The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.

  • 2726958 MS14-082: Description of the security update for Microsoft Office 2013: December 9, 2014

  • 2596927 MS14-082: Description of the security update for the 2007 Microsoft Office suite: December 9, 2014

  • 2553154 MS14-082: Description of the security update for Microsoft Office 2010: December 9, 2014

Microsoft Office 2007 (all editions)Reference TableThe following table contains the security update information for this software.

Security update file name

For Microsoft Office 2007:fm202007-kb2596927-fullfile-x86-glb.exe

Installation switches

See Microsoft Knowledge Base Article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base Article 2596927

Registry key verification

Not applicable

Microsoft Office 2010 (all editions)Reference TableThe following table contains the security update information for this software.

Security update file name

For Microsoft Office 2010 (32-bit editions) andMicrosoft Word 2010 (32-bit editions):fm202010-kb2553154-fullfile-x86-glb.exe

For Microsoft Office 2010 (64-bit editions) andMicrosoft Word 2010 (64-bit editions):fm202010-kb2553154-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base Article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base Article 2553154

Registry key verification

Not applicable

Microsoft Office 2013 (all editions)Reference TableThe following table contains the security update information for this software.

Security update file name

For supported editions of Microsoft Office 2013 (32-bit editions):fm202013-kb2726958-fullfile-x86-glb.exe

For supported editions of Microsoft Office 2013 (64-bit editions):fm202013-kb2726958-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base Article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Use Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base Article 2726958

Registry key verification

Not applicable

Microsoft Office 2013 RT (all editions)Reference TableThe following table contains the security update information for this software.

Deployment

The 2726958 update for Microsoft Office 2013 RT is available via Windows Update.

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.

Removal information

Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base Article 2726958

File hash information

Package Name

Package Hash SHA1

Package Hash SHA2

fm202007-kb2596927-fullfile-x86-glb.exe

7134AF5163B727606B0E03868F697AB74CA329AB

0887BD5908DD8DAEA06D62A9F4D9432AAF30D5246F4B0008D774009107473D3A

fm202010-kb2553154-fullfile-x64-glb.exe

982E1544DDF6A6E17B094F97DDBA654921699ECF

002A7DFE06AB4014A0C3CE25F2D5ED7B22FBC983DF8312F670C09A04A1F1FECA

fm202010-kb2553154-fullfile-x86-glb.exe

BDC5D2324C57DE891342E9818159DC0271F6F194

623CBF110FD7094FD73B1C68052E156DB3DCE0855108D11A3BAE466E9B7DE1B5

fm202013-kb2726958-fullfile-x64-glb.exe

EC8EEF578DD4FFEFB149D1E2AEAA12F4AC2710DC

4949F0E35182AB9EAA38895D7397415FC2D943956F0D952957EFFF37D684F734

fm202013-kb2726958-fullfile-x86-glb.exe

940E36421FFCC83756B96D950B92B2985D0896A1

9D3AA9840B81FA627EE4A3AE4F864505DA93C8AD3E0913E5B1BDACEF1E52E47E

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.