Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: December 9, 2014


View products that this article applies to.

Introduction

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.

↑ Back to the top


Summary

Microsoft has released security bulletin MS14-081. Learn more about how to obtain the fixes included in this security bulletin:

↑ Back to the top


How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top


More information about this security update

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
  • 2910916 MS14-081: Description of the security update for Word 2013: December 9, 2014
  • 2899518 MS14-081: Description of the security update for Office 2010: December 9, 2014
  • 2899519 MS14-081: Description of the security update for Word 2010: December 9, 2014
  • 2920793 MS14-081: Description of the security update for Word 2007: December 9, 2014
  • 3018888 MS14-081: Description of the security update for Office for Mac: December 9, 2014
  • 2920729 MS14-081: Description of the security update for Word Viewer: December 9, 2014
  • 2920792 MS14-081: Description of the security update for Office Compatibility Pack SP3: December 9, 2014
  • 2883050 MS14-081: Description of the security update for SharePoint Server 2013: December 9, 2014
  • 2899581 MS14-081: Description of the security update for SharePoint Server 2010: December 9, 2014
  • 2889851 MS14-081: Description of the security update for Office Web Apps Server 2013: December 9, 2014
  • 2910892 MS14-081: Description of the security update for Office Web Apps 2010: December 9, 2014

↑ Back to the top


Security update deployment

The 2007 Microsoft Office system (all editions) and other software

Reference table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office Word 2007:
word2007-kb2920793-fullfile-x86-glb.exe
For Microsoft Office Word Viewer:
office-kb2920729-fullfile-enu.exe
For Microsoft Office Compatibility Pack:
wordconv2007-kb2920792-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2920793,
Microsoft Knowledge Base Article 2920729,
Microsoft Knowledge Base Article 2920792
Registry key verificationNot applicable

Microsoft Office 2010 (all editions)

Reference table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2010 (32-bit editions):
kb24286772010-kb2899518-fullfile-x86-glb.exe
For Microsoft Office 2010 (64-bit editions):
kb24286772010-kb2899518-fullfile-x64-glb.exe
For Microsoft Word 2010 (32-bit editions):
word2010-kb2899519-fullfile-x86-glb.exe
For Microsoft Word 2010 (64-bit editions):
word2010-kb2899519-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2899518,
Microsoft Knowledge Base Article 2899519
Registry key verificationNot applicable

Microsoft Office 2013 (all editions)

Reference table

The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft Word 2013 (32-bit editions):
word2013-kb2910916-fullfile-x86-glb.exe
For supported editions of Microsoft Word 2013 (64-bit editions):
word2013-kb2910916-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee Microsoft Knowledge Base Article 2910916
Registry key verificationNot applicable

Microsoft Office 2013 RT (all editions)

Reference table

The following table contains the security update information for this software.
DeploymentThe 2910916 update for Microsoft Office 2013 RT is available through Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee Microsoft Knowledge Base Article 2910916

Office for Mac 2011

Prerequisites

To install this update, you must have a computer that is running Mac OS X version 10.5.8 or a later version on an Intel processor, and user accounts must have administrative credentials.





↑ Back to the top


File hash information
File nameSHA1 hashSHA256 hash
kb24286772010-kb2899518-fullfile-x64-glb.exe1DBDF44EDEEE3EC64E1B9B888AD96AB28D460B664D879D5F2ADC81B90783B7ACD310447CDE7ACF784CB7F4E5C65FEA5DFC258E87
kb24286772010-kb2899518-fullfile-x86-glb.exe2E6C5104696410DF2B74EC2B3841CC0102D4391FC7F66D171298DC351369F6529BCC8D4B230DD7321D8D55D7F42936E6CA364767
office-kb2920729-fullfile-enu.exe13D464EE669E4D923D8A4636500044EFC440EA1F1431ECCB1705B140C2276BAF14A195C0C1AAA82210A76E30496A132A9A9CC703
wac2010-kb2910892-fullfile-x64-glb.exe3FEE1C84B0272A5AEF1441EABC0E069A8036261B175AAF7FEE3B96D8C4F5AE8FB35F9B1AD3A251607827ACE690C93323A00A7C40
wacserver.exe (KB2889851)18C65FBA211065CAF7EFCDAB04F008BB7EBE4CD6D828348B292CD5D722E25B294045E1EBC232FED5371AD5BAEA6796B737451EA7
wdsrv2010-kb2899581-fullfile-x64-glb.exeEF3DD25A358978272560DB428E4021A7E611FEC7114A137E52A3145020C766429C7ADC2648DA444136161D6608D55F09D5C06CEC
wdsrvloc.exe7B46CC7B47876F25208161822A285A0DB535C4C1CB1A72BEC37711E3E1287155949E379BF2EF5F8FEC511768B79735EEE3638C32
word.exeA73BE0E19570568FB7DA868E95C004668C66A4DB8F188E8699FFAF14EACACCCAEA687148AC10F18F855B8C16CD1FDBDCDEEE109C
word.exeE6882E9539D3A90078158A61F34E5AB532F2CFA5C44D9C3E8EB0EE6929F87047B03102BDE08C0AFF013319DB18C9B24B0264B73B
word2007-kb2920793-fullfile-x86-glb.exeF6B3A330B67BBDF00DEF28D2E9616536E2C4C0A1544FC721CE710998502F210FEAEA3961A6365D18F4B9A7C62E116A017AE8DA13
word2010-kb2899519-fullfile-x64-glb.exeABA4A02A9B3CA92A1F60E328C003C645FB7C838A55E960F0DC4F1045A0176E3DC4B9EF1E1213B3F80233C31773605A37476AC24C
word2010-kb2899519-fullfile-x86-glb.exe59506439D8D79DBC9AD52CBC7ADE3A6C268901B01C3C2FACF0B9EAFD838495DB5895C3C8570D78C688EE338D5310BC3B68AD1BC1
wordconv2007-kb2920792-fullfile-x86-glb.exe435DFD9D4BC9DF892D65B983AF29195EB075C6393EE26F26AEEB9BC30BBB47A6D205BE1048ABF1C93655E493A403FC4595627E52

↑ Back to the top


Keywords: kb, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbmustloc, kblangall, kbfix, kbexpertiseinter, kbbug, atdownload

↑ Back to the top

Article Info
Article ID : 3017301
Revision : 1
Created on : 1/7/2017
Published on : 12/9/2014
Exists online : False
Views : 555