MS14-001: Vulnerabilities in Microsoft Word and Office web apps could allow remote code execution: January 14, 2014

2014-01-14T00:00:00
ID KB2916605
Type mskb
Reporter Microsoft
Modified 2014-04-17T03:21:07

Description

<html><body><p>Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS14-001. To view the complete security bulletin, go to one of the following Microsoft websites: <ul class="sbody-free_list"><li>Home users:<div class="indent"><a href="http://www.microsoft.com/security/pc-security/updates.aspx" id="kb-link-1" target="_self">http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class="text-base">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class="indent"><a href="http://update.microsoft.com/microsoftupdate/" id="kb-link-2" target="_self">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class="indent"><a href="http://technet.microsoft.com/security/bulletin/ms14-001" id="kb-link-3" target="_self">http://technet.microsoft.com/security/bulletin/MS14-001</a></div></li></ul><h3 class="sbody-h3">How to obtain help and support for this security update</h3> Help installing updates: <a href="https://support.microsoft.com/ph/6527" id="kb-link-4" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href="http://technet.microsoft.com/security/bb980617.aspx" id="kb-link-5" target="_self">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-6" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href="https://support.microsoft.com/common/international.aspx" id="kb-link-7" target="_self">International Support</a><br/><br/></div><h2></h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">Known issues and additional information about this security update</h3> <br/> <br/><br/> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><br/><br/><ul class="sbody-free_list"><li><a href="https://support.microsoft.com/en-us/help/2827224" id="kb-link-8">2827224 </a> MS14-001: Description of the security update for Word 2013: January 14, 2014 </li><li><a href="https://support.microsoft.com/en-us/help/2837577" id="kb-link-9">2837577 </a> MS14-001: Description of the security update for Word Automation Services in SharePoint Server 2010: January 14, 2014<br/><br/><span class="text-base">Note </span>After you install this security update on all SharePoint servers and SharePoint services, you have to run the PSconfig tool to complete the installation. <br/></li><li><a href="https://support.microsoft.com/en-us/help/2837596" id="kb-link-10">2837596 </a> MS14-001: Description of the security update for Word Online: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2837615" id="kb-link-11">2837615 </a> MS14-001: Description of the security update for Office Compatibility Pack: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2837617" id="kb-link-12">2837617 </a> MS14-001: Description of the security update for Word 2007: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2837625" id="kb-link-13">2837625 </a> MS14-001: Description of the security update for Word Automation Services in Microsoft SharePoint Server 2013: January 14, 2014<br/><br/><span class="text-base">Note </span>After you install this security update on all SharePoint servers and SharePoint services, you have to run the PSconfig tool to complete the installation. <br/></li><li><a href="https://support.microsoft.com/en-us/help/2863834" id="kb-link-14">2863834 </a> MS14-001: Description of the security update for Word 2013 primary interop assembly (PIA): January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2863866" id="kb-link-15">2863866 </a> MS14-001: Description of the security update for Word 2003: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2863867" id="kb-link-16">2863867 </a> MS14-001: Description of the security update for Microsoft Word Viewer: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2863879" id="kb-link-17">2863879 </a> MS14-001: Description of the security update for Office Web Apps Server: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2863901" id="kb-link-18">2863901 </a> MS14-001: Description of the security update for Microsoft Office 2010: January 14, 2014</li><li><a href="https://support.microsoft.com/en-us/help/2863902" id="kb-link-19">2863902 </a> MS14-001: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: January 14, 2014</li></ul><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">File hash information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">SHA1 hash</th><th class="sbody-th">SHA256 hash</th></tr><tr class="sbody-tr"><td class="sbody-td">kb24286772010-kb2837590-fullfile-x64-glb.exe</td><td class="sbody-td">D5CA1D2B8F6AB2E437F06E27BA1B0B38C5F1C71F</td><td class="sbody-td">36A9E0CE259ADE52FD75C1D2F7556C1F7DD467EB55F0F81ED08ABAF67835FA7E</td></tr><tr class="sbody-tr"><td class="sbody-td">kb24286772010-kb2837590-fullfile-x86-glb.exe</td><td class="sbody-td">7FC8DF9010236E3AF1E1C925645E4A02590C515C</td><td class="sbody-td">FAC3FFC6121F843098A44907EAA61FF2EFF029B565DECEA25338F4641A8F3C16</td></tr><tr class="sbody-tr"><td class="sbody-td">wac2010-kb2837596-fullfile-x64-glb.exe</td><td class="sbody-td">ECC72413FFC05E41F42B4C7EEF22A21CF8F4553E</td><td class="sbody-td">489B6A90ECB5F13F8BFFAA65E0E1E8B67BE6B1C41488E62A55AF35E4FADE60A7</td></tr><tr class="sbody-tr"><td class="sbody-td">wdsrv2010-kb2837577-fullfile-x64-glb.exe</td><td class="sbody-td">D4813C37FDB80466E676D2D7EFF1394C5A4394D1</td><td class="sbody-td">63C2ED82AF61570C0A0E7E27EA2ABDCB8B4C0C7672C9E5DB264AC29DB756F86D</td></tr><tr class="sbody-tr"><td class="sbody-td">word2010-kb2837593-fullfile-x64-glb.exe</td><td class="sbody-td">84E5A00726E41D41C2984175E04C12D8F9DBBBE7</td><td class="sbody-td">56816BFB9567FB45D6C5E1465F333451ADEAF324968C654EDC664A5B3CADCEAC</td></tr><tr class="sbody-tr"><td class="sbody-td">word2010-kb2837593-fullfile-x86-glb.exe</td><td class="sbody-td">7E695C573B011D3DD91D5ED494A54CB98D3398F3</td><td class="sbody-td">E50FE06D55FBA422ED3F0D1EB5B1285C388432AF64A55C1D819E203BB48AEC39</td></tr></table></div></div><br/></span></div></div></div></div></body></html>