Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-033: Vulnerabilities in Office could allow remote code execution: April 14, 2015


View products that this article applies to.

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights. 

↑ Back to the top


Introduction

Microsoft has released security bulletin MS15-033. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International support

↑ Back to the top


More Information

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.


Security update deployment information

2007 Microsoft Office system (all editions) and other software

Reference table

The following table contains the security update information for this software.
Security update file nameFor 2007 Microsoft Office Service Pack 3:
vbe62007-kb2687409-fullfile-x86-glb.exe
For 2007 Microsoft Word Service Pack 3:
word2007-kb2965284-fullfile-x86-glb.exe
For Microsoft Word Viewer:
office-kb2965289-fullfile-enu.exe
For Microsoft Office Compatibility Pack:
wordconv2007-kb2965210-fullfile-x86-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2010 (all editions)

Reference table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office 2010 Service Pack 2 (32-bit editions):
kb24286772010-kb2965236-fullfile-x86-glb.exe
vbe72010-kb2687419-fullfile-x86-glb.exe
For Microsoft Office 2010 Service Pack 2 (64-bit editions)
kb24286772010-kb2965236-fullfile-x64-glb.exe
vbe72010-kb2687419-fullfile-x64-glb.exe
For Microsoft Word 2010 Service Pack 2 (32-bit editions)
wordloc2010-kb2553428-fullfile-x86-glb.exe
For Microsoft Word 2010 Service Pack 2 (64-bit editions)
wordloc2010-kb2553428-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2013 (all editions)

Reference table

The following table contains the security update information for this software.
Security update file nameFor supported editions of Microsoft Office 2013 (32-bit editions)
vbe72013-kb2752034-fullfile-x86-glb.exe
For supported editions of Microsoft Office 2013 (64-bit editions)
vbe72013-kb2752034-fullfile-x64-glb.exe
For supported editions of Microsoft Word 2013 (32-bit editions)
word2013-kb2965224-fullfile-x86-glb.exe
For supported editions of Microsoft Word 2013 (64-bit editions)
word2013-kb2965224-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Office 2013 RT (all editions)

DeploymentThe 2965224 update for Microsoft Word 2013 RT is available through Windows Update.
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationClick Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.
File informationSee the file information section

Office for Mac 2011

Prerequisites

To install this update, you must have a computer that is running Mac OS X version 10.5.8 or a later version on an Intel processor, and user accounts must have administrative credentials.

Outlook for Mac for Office 365

Prerequisites

You must be running OS X Yosemite 10.10 or a later version. 

Microsoft SharePoint Server 2010 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Word Automation Services on supported editions of Microsoft SharePoint Server 2010 Service Pack 2:
wdsrvloc2010-kb2553164-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft SharePoint Server 2013 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Word Automation Services on supported editions of Microsoft SharePoint Server 2013:
wdsrvloc2013-kb2965215-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot  applicable

Microsoft Office Web Apps 2010 (all versions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor Microsoft Office Web Apps 2010 Service Pack 2:
wacloc2010-kb2965238-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

Microsoft Office Web Apps 2013 (all versions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Microsoft Office Web Apps Server 2013 Service Pack 1:
wacserver2013-kb2965306-fullfile-x64-glb.exe
Installation switchesSee Microsoft Knowledge Base Article 912203
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.

To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.
Removal informationThis security update cannot be removed.
File InformationSee the file information section
Registry key verificationNot applicable

↑ Back to the top


FILE INFORMATION

File hash information
File nameSHA1 hashSHA256 hash
wdsrvloc2010-kb2553164-fullfile-x64-glb.exeD88B4B2BBA7CFE5CD9FEC47A706F04EFEBD823EB36E434C632954A54D37C565438068C4F70DB0C15745E27B3619046C50B3A1400
wordloc2010-kb2553428-fullfile-x64-glb.exeF6C083208DA1CC7F7666DEA0A697010E4F394FB091A170562A2DDD99BB04D785394C371CD6AA7BBBD1BD2230925E7DE8AAE65E8F
wordloc2010-kb2553428-fullfile-x86-glb.exe0A4C090B2EEEF84E4301BA661B010806920B085C7FD32D4A972D79D95ABCF958BD126CB3D0F8310EB9CFED3AB905DAFEF2050BC3
wordconv2007-kb2965210-fullfile-x86-glb.exeA14FFBE921A2EE7A1140856F3EC2ACF24D978EED2149792B2E36C993A09B565D76D9E9BD7576D794944E6DD7B747823DC9F6321F
kb24286772010-kb2965236-fullfile-x64-glb.exeA83D65B28ECB2E9D119E3DDB6A6D0F15D4E88998BEC03DD26C161568E1572E800390315AC9743D6A92AD47D9BECA28FEA78C7521
kb24286772010-kb2965236-fullfile-x86-glb.exeAD1BC734A336F1CEAD087AF0668825D6A8803CD6E63F317BABFF4A38A3E3274FA722713B90C2AA6070F45EBB1745AC433C9A969F
wacloc2010-kb2965238-fullfile-x64-glb.exe85E81850227DED768C0D37F60EE86CA897E432A7F45B2BF3204E8D01F473F7538A7882AC85DFD6EA6E9035E928CD0F41BAE8DE38
word2007-kb2965284-fullfile-x86-glb.exe46EE57875231E6FCB4C2580D9C319A861BBE2BC059DC2820774BD4194226E357427E75992069955CC98824AF21A2E0EA55C2FAA3
wdsrvloc2013-kb2965215-fullfile-x64-glb.exeC4F844B13E0683AAE5207E4E020DE32AA26CA3262A9BC8634AB32409F017F846064B283D34BD77C1A90992F3DBFDABA4F35C1A50
word2013-kb2965224-fullfile-x64-glb.exe588330CEBFA29C177FC45ABABC0C054847790765CE34D183A89292AED92FB0B0D1379762931D50040683DCD0F9599DB3B8E298E8
word2013-kb2965224-fullfile-x86-glb.exeD2E17E3AA62413C3C40A21AD950A2641980CA33F07AFB182AECFB5448625A5623F13C0ED77CDB3813877AFFE427B9E03EAC399B1
office-kb2965289-fullfile-enu.exe9FE33D9661A610092CA29EC18EB823920D263ECBDAD420F24DD53D128A1B00238C4562676A5D3D4A9075D1C1EBB30A1E80A2E930
wacserver2013-kb2965306-fullfile-x64-glb.exe86CAC959E1285D436FEA409B645BCBF32E6140079F6AB9837CDE628D112E0AEEB009DFCB969B6AD7E8653D371979480FDB0D587A

↑ Back to the top


Keywords: kb

↑ Back to the top

Article Info
Article ID : 3048019
Revision : 1
Created on : 1/7/2017
Published on : 4/14/2015
Exists online : False
Views : 277