MS15-013: Vulnerability in Microsoft Office could allow security bypass: February 10, 2015

<html><body><p>Resolves vulnerabilities that could allow security feature bypass if a specially crafted file is opened in an affected edition of Microsoft Office.</p><h2>Introduction</h2><div>This security update resolves vulnerabilities that could allow security feature bypass if a specially crafted file is opened in an affected edition of Microsoft Office.<br /><span></span></div><h2>Summary</h2><div>Microsoft has released security bulletin MS15-013. Learn more about how to obtain the fixes included in this security bulletin:<br /><ul><li>For individual, small business and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see <a href=“http://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br /></li><li>For IT professionals, see <a href=“http://technet.microsoft.com/security/bulletin/ms15-013” target=“_self”>Microsoft Security Bulletin MS15-013</a> on the Security TechCenter website.</li></ul></div><h2></h2><div><h3>How to obtain help and support for this security update</h3>Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware: <a href=“https://support.microsoft.com/gp/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><h2></h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><span><div><h4>Microsoft Office 2007 (all editions)<br /></h4><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For Microsoft Office 2007:<br /><span>otkruntimertl2007-kb2920795-fullfile-x86-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons that you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use the <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See <a href=“https://support.microsoft.com/help/2920795” target=“_self”>Microsoft Knowledge Base Article 2920795</a></td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div><h4>Microsoft Office 2010 (all editions)<br /></h4><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For Microsoft Office 2010 (32-bit editions):<br /><span>otkruntimertl2010-kb2920748-fullfile-x86-glb.exe</span></td></tr><tr><td></td><td>For Microsoft Office 2010 (64-bit editions):<br /><span>otkruntimertl2010-kb2920748-fullfile-x64-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons that you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See <a href=“https://support.microsoft.com/help/2920748” target=“_self”>Microsoft Knowledge Base Article 2920748</a>,</td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div><h4>Microsoft Office 2013 (all editions)<br /></h4><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For supported editions of Microsoft Office 2013 (32-bit editions):<br /><span>otkruntimertl2013-kb2910941-fullfile-x86-glb.exe</span></td></tr><tr><td></td><td>For supported editions of Microsoft Office 2013 (64-bit editions):<br /><span>otkruntimertl2013-kb2910941-fullfile-x64-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons that you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See <a href=“https://support.microsoft.com/help/2910941” target=“_self”>Microsoft Knowledge Base Article 2910941</a></td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div></div><br /></span></div></div></div><h3>More information about this security update</h3><h4>Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><ul><li><a href=“https://support.microsoft.com/en-us/help/2910941”>2910941 </a> MS15-013: Description of the security update for Microsoft Office 2013: February 10, 2015<br /></li><li><a href=“https://support.microsoft.com/en-us/help/2920748”>2920748 </a> MS15-013: Description of the security update for Microsoft Office 2010: February 10, 2015<br /></li><li><a href=“https://support.microsoft.com/en-us/help/2920795”>2920795 </a> MS15-013: Description of the security update for the 2007 Microsoft Office suite: February 10, 2015<br /></li></ul></div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>otkruntimertl2007-kb2920795-fullfile-x86-glb.exe</td><td>BABDECACF21EE35A0C73397EC11051F08415B4F3</td><td>C14342EE1F8FB6D0C429E5014C5F7854EDFE54DDD2FF18E612A5AB53B0E9A9B9</td></tr><tr><td>otkruntimertl2007-kb2920795-fullfile-x86-glb.exe</td><td>9E423B72F91C60335E3316F3BB70679DF1B3CE09</td><td>CCCCDBFC7326E8A8138ED318E730132B7CFD22631608E6AFD9D2C73D3871027C</td></tr><tr><td>otkruntimertl2010-kb2920748-fullfile-x64-glb.exe</td><td>D374FF2E5FF4677DD8D29DE5EDE08B64D96D33F5</td><td>7EC87AE97B5BF1F37164C2E7E54CB46E2A4A86A9DF8C0677B1081E8EF1269A4B</td></tr><tr><td>otkruntimertl2010-kb2920748-fullfile-x86-glb.exe</td><td>26A1635839A3960E7611768CD9C5139EDC3E648F</td><td>BB21077781212F904E1C533889DF63547BCE38AAAF52315E8064029F311C946A</td></tr><tr><td>otkruntimertl2013-kb2910941-fullfile-x64-glb.exe</td><td>FD86BEA70D02666211D2AD45DB9E81C61AC0CFB1</td><td>DB593E4BBFFBFA159D573230FF936FB1B075ADDA1E6648E52DD06C4F966EB059</td></tr><tr><td>otkruntimertl2013-kb2910941-fullfile-x86-glb.exe</td><td>233520BEEB181A87FC92F00EF8046D849FF137F5</td><td>26F788E2D4E1C680459C06687A8BD20EF433768F162BB21ED747B3C0D3221953</td></tr></table></div></div><br /></span></div></div></div></div></body></html>