Microsoft Knowledge Base Archive

Introduction

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.

↑ Back to the top

Summary

Microsoft has released security bulletin MS14-081. Learn more about how to obtain the fixes included in this security bulletin:

For individual, small business and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see Get security updates automatically on the Microsoft Safety and Security Center website.
For IT professionals, see Microsoft Security Bulletin MS14-081 on the Security TechCenter website.

↑ Back to the top

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top

More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.

2910916 MS14-081: Description of the security update for Word 2013: December 9, 2014
2899518 MS14-081: Description of the security update for Office 2010: December 9, 2014
2899519 MS14-081: Description of the security update for Word 2010: December 9, 2014
2920793 MS14-081: Description of the security update for Word 2007: December 9, 2014
3018888 MS14-081: Description of the security update for Office for Mac: December 9, 2014
2920729 MS14-081: Description of the security update for Word Viewer: December 9, 2014
2920792 MS14-081: Description of the security update for Office Compatibility Pack SP3: December 9, 2014
2883050 MS14-081: Description of the security update for SharePoint Server 2013: December 9, 2014
2899581 MS14-081: Description of the security update for SharePoint Server 2010: December 9, 2014
2889851 MS14-081: Description of the security update for Office Web Apps Server 2013: December 9, 2014
2910892 MS14-081: Description of the security update for Office Web Apps 2010: December 9, 2014

↑ Back to the top

Security update deployment

The 2007 Microsoft Office system (all editions) and other software

Reference table

The following table contains the security update information for this software.

Security update file name	For Microsoft Office Word 2007: word2007-kb2920793-fullfile-x86-glb.exe
	For Microsoft Office Word Viewer: office-kb2920729-fullfile-enu.exe
	For Microsoft Office Compatibility Pack: wordconv2007-kb2920792-fullfile-x86-glb.exe
Installation switches	See Microsoft Knowledge Base Article 912203
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information	Use Add or Remove Programs item in Control Panel.
File information	See Microsoft Knowledge Base Article 2920793, Microsoft Knowledge Base Article 2920729, Microsoft Knowledge Base Article 2920792
Registry key verification	Not applicable

Microsoft Office 2010 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name	For Microsoft Office 2010 (32-bit editions): kb24286772010-kb2899518-fullfile-x86-glb.exe
	For Microsoft Office 2010 (64-bit editions): kb24286772010-kb2899518-fullfile-x64-glb.exe
	For Microsoft Word 2010 (32-bit editions): word2010-kb2899519-fullfile-x86-glb.exe
	For Microsoft Word 2010 (64-bit editions): word2010-kb2899519-fullfile-x64-glb.exe
Installation switches	See Microsoft Knowledge Base Article 912203
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information	Use Add or Remove Programs item in Control Panel.
File information	See Microsoft Knowledge Base Article 2899518, Microsoft Knowledge Base Article 2899519
Registry key verification	Not applicable

Microsoft Office 2013 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name	For supported editions of Microsoft Word 2013 (32-bit editions): word2013-kb2910916-fullfile-x86-glb.exe
	For supported editions of Microsoft Word 2013 (64-bit editions): word2013-kb2910916-fullfile-x64-glb.exe
Installation switches	See Microsoft Knowledge Base Article 912203
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information	Use Add or Remove Programs item in Control Panel.
File information	See Microsoft Knowledge Base Article 2910916
Registry key verification	Not applicable

Microsoft Office 2013 RT (all editions)

Reference table

The following table contains the security update information for this software.

Deployment	The 2910916 update for Microsoft Office 2013 RT is available through Windows Update.
Restart requirement	In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart. To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal information	Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File information	See Microsoft Knowledge Base Article 2910916

Office for Mac 2011

Prerequisites

To install this update, you must have a computer that is running Mac OS X version 10.5.8 or a later version on an Intel processor, and user accounts must have administrative credentials.

↑ Back to the top

File hash information

File name	SHA1 hash	SHA256 hash
kb24286772010-kb2899518-fullfile-x64-glb.exe	1DBDF44EDEEE3EC64E1B9B888AD96AB28D460B66	4D879D5F2ADC81B90783B7ACD310447CDE7ACF784CB7F4E5C65FEA5DFC258E87
kb24286772010-kb2899518-fullfile-x86-glb.exe	2E6C5104696410DF2B74EC2B3841CC0102D4391F	C7F66D171298DC351369F6529BCC8D4B230DD7321D8D55D7F42936E6CA364767
office-kb2920729-fullfile-enu.exe	13D464EE669E4D923D8A4636500044EFC440EA1F	1431ECCB1705B140C2276BAF14A195C0C1AAA82210A76E30496A132A9A9CC703
wac2010-kb2910892-fullfile-x64-glb.exe	3FEE1C84B0272A5AEF1441EABC0E069A8036261B	175AAF7FEE3B96D8C4F5AE8FB35F9B1AD3A251607827ACE690C93323A00A7C40
wacserver.exe (KB2889851)	18C65FBA211065CAF7EFCDAB04F008BB7EBE4CD6	D828348B292CD5D722E25B294045E1EBC232FED5371AD5BAEA6796B737451EA7
wdsrv2010-kb2899581-fullfile-x64-glb.exe	EF3DD25A358978272560DB428E4021A7E611FEC7	114A137E52A3145020C766429C7ADC2648DA444136161D6608D55F09D5C06CEC
wdsrvloc.exe	7B46CC7B47876F25208161822A285A0DB535C4C1	CB1A72BEC37711E3E1287155949E379BF2EF5F8FEC511768B79735EEE3638C32
word.exe	A73BE0E19570568FB7DA868E95C004668C66A4DB	8F188E8699FFAF14EACACCCAEA687148AC10F18F855B8C16CD1FDBDCDEEE109C
word.exe	E6882E9539D3A90078158A61F34E5AB532F2CFA5	C44D9C3E8EB0EE6929F87047B03102BDE08C0AFF013319DB18C9B24B0264B73B
word2007-kb2920793-fullfile-x86-glb.exe	F6B3A330B67BBDF00DEF28D2E9616536E2C4C0A1	544FC721CE710998502F210FEAEA3961A6365D18F4B9A7C62E116A017AE8DA13
word2010-kb2899519-fullfile-x64-glb.exe	ABA4A02A9B3CA92A1F60E328C003C645FB7C838A	55E960F0DC4F1045A0176E3DC4B9EF1E1213B3F80233C31773605A37476AC24C
word2010-kb2899519-fullfile-x86-glb.exe	59506439D8D79DBC9AD52CBC7ADE3A6C268901B0	1C3C2FACF0B9EAFD838495DB5895C3C8570D78C688EE338D5310BC3B68AD1BC1
wordconv2007-kb2920792-fullfile-x86-glb.exe	435DFD9D4BC9DF892D65B983AF29195EB075C639	3EE26F26AEEB9BC30BBB47A6D205BE1048ABF1C93655E493A403FC4595627E52

↑ Back to the top

Article ID	:	3017301
Revision	:	1
Created on	:	1/7/2017
Published on	:	12/9/2014
Exists online	:	False
Views	:	527

Microsoft KB Archive Search

MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: December 9, 2014

Introduction

Summary

How to obtain help and support for this security update

More information about this security update

Known issues and additional information about this security update

The 2007 Microsoft Office system (all editions) and other software

Microsoft Office 2010 (all editions)

Microsoft Office 2013 (all editions)

Microsoft Office 2013 RT (all editions)

Office for Mac 2011

Applies to: