MS15-059: Vulnerabilities in Microsoft Office could allow remote code execution: June 9, 2015

<html><body><p>Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.</p><h2>Summary</h2><div>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less affected than those who operate under administrative user rights. <span></span></div><h2>Introduction</h2><div>Microsoft has released security bulletin MS15-059. To learn more about this security bulletin: <ul><li>Home users:<br /><div><a href=“https://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span> - Download the updates for your home computer or laptop from the Microsoft Update website now: <div><a href=“https://www.update.microsoft.com/microsoftupdate/” target=“_self”>https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“https://technet.microsoft.com/library/security/ms15-059” target=“_self”>https://technet.microsoft.com/library/security/MS15-059</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates:<br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals:<br /><a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your Windows-based computer from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International support</a><br /><br /></div><h2>More Information</h2><div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.<br /><ul><li><a href=“https://support.microsoft.com/help/3039782” target=“_self”>KB 3039782 MS15-059: Description of the security update for Office 2013: June 9, 2015</a></li><li><a href=“https://support.microsoft.com/help/3039749” target=“_self”>KB 3039749 MS15-059: Description of the security update for Office 2013: June 9, 2015</a></li><li><a href=“https://support.microsoft.com/help/2863817” target=“_self”>KB 2863817 MS15-059: Description of the security update for Office 2010: June 9, 2015</a></li><li><a href=“https://support.microsoft.com/help/2863812” target=“_self”>KB 2863812 MS15-059: Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: June 9, 2015</a></li></ul><br /></div><h2>More Information</h2><div><div><div><div><span><span></span></span><span><span>Security update deployment information</span></span></div><div><span><div><h4>The 2007 Microsoft Office suite (all editions)</h4><span>Reference table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For Microsoft Office Compatibility Pack Service Pack 3:<br /><span>convloc2007-kb2863812-fullfile-x86-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See the <a href=“#fileinfo” target>file information</a> section</td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div><h4>Microsoft Office 2010 (all editions) and Other Software</h4><span>Reference Table</span><br /><br />The following table contains the security update information for this software. <div><table><tr><td><span>Security update file name</span></td><td>For Microsoft Office 2010 Service Pack 2 (32-bit editions):<br /><span>convloc2010-kb2863817-fullfile-x86-glb.exe</span></td></tr><tr><td></td><td>For Microsoft Office 2010 Service Pack 2 (64-bit editions):<br /><span>convloc2010-kb2863817-fullfile-x64-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See the <a href=“#fileinfo” target>file information</a> section</td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div><h4>Microsoft Office 2013 (all editions)</h4><span>Reference Table</span><br /><br />The following table contains the security update information for this software.<br /><div><table><tr><td><span>Security update file name</span></td><td>For supported editions of Microsoft Office 2013 (32-bit editions):<br /><span>conv2013-kb3039749-fullfile-x86-glb.exe<br />osfclient2013-kb3039782-fullfile-x86-glb.exe</span></td></tr><tr><td></td><td>For supported editions of Microsoft Office 2013 (64-bit editions):<br /><span>conv2013-kb3039749-fullfile-x64-glb.exe<br />osfclient2013-kb3039782-fullfile-x64-glb.exe</span></td></tr><tr><td><span>Installation switches</span></td><td>See <a href=“https://support.microsoft.com/help/912203” target=“_self”>Microsoft Knowledge Base Article 912203</a></td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Use <span>Add or Remove Programs</span> item in <span>Control Panel</span>.</td></tr><tr><td><span>File information</span></td><td>See the <a href=“#fileinfo” target>file information</a> section</td></tr><tr><td><span>Registry key verification</span></td><td>Not applicable</td></tr></table></div><br /><h4>Microsoft Office 2013 RT (all editions)</h4><div><table><tr><td><span>Deployment</span></td><td>The 3039749 update for Microsoft Office 2013 RT is available through <a href=“http://go.microsoft.com/fwlink/?linkid=21130” target=“_self”>Windows Update</a>.</td></tr><tr><td></td><td>The 3039782 update for Microsoft Office 2013 RT is available through <a href=“http://go.microsoft.com/fwlink/?linkid=21130” target=“_self”>Windows Update</a>.</td></tr><tr><td><span>Restart requirement</span></td><td>In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br /><br />To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=“https://support.microsoft.com/help/887012” target=“_self”>Microsoft Knowledge Base Article 887012</a>.</td></tr><tr><td><span>Removal information</span></td><td>Click <span>Control Panel</span>, click <span>System and Security</span>, and then click <span>Windows Update</span>. Under <strong>See also</strong>, click <span>Installed updates</span>, and then select from the list of updates.</td></tr><tr><td><span>File information</span></td><td>See the <a href=“#fileinfo” target>file information</a> section</td></tr></table></div></div><br /></span></div></div></div><a></a><br /><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>conv2013-kb3039749-fullfile-x64-glb.exe</td><td>7E9F38FFF8AFE0B79FBF155E0F88FFA858077621</td><td>4E83E131330DD95EF4F95E5D7EEDF2D42FC37CFE326FAF15D5A63879FDE6BB14</td></tr><tr><td>conv2013-kb3039749-fullfile-x86-glb.exe</td><td>E94303C3A0A45E28B1EA22CFE63CA129785CA4F5</td><td>ECD716A862ADEC9245348F910CA77C46D62790ADE68569F340EBA7708991DB97</td></tr><tr><td>convloc2007-kb2863812-fullfile-x86-glb.exe</td><td>6830E35F55A2905A459E45EE6DB98C5474BFB31D</td><td>8CCDFDDE3568944ABBC36E2949D9E858A120A00C0350ADAFD150070CE376F828</td></tr><tr><td>convloc2010-kb2863817-fullfile-x64-glb.exe</td><td>7FBBA95B047A6A66986D9D128BF9D7C64796747B</td><td>E2D11D3736403BE013AEB0645DCE4F73BF99DA4E606C3F72763CF19BFCF4F7D1</td></tr><tr><td>convloc2010-kb2863817-fullfile-x86-glb.exe</td><td>AED9D146C71F4B77E77D461F8E4DD097BD3E7CE8</td><td>A48EDC6AE9DD6B6B644F029B1B7E4BADB9F124030534785A71028C69724945AE</td></tr><tr><td>osfclient2013-kb3039782-fullfile-x64-glb.exe</td><td>94426DEFB878E9FE06888727F570DBC740D2A26E</td><td>FF1E0FC4BA0DE0AF02F536C65D46B05EC3E38E8004723ECA1CFE9A1275390E51</td></tr><tr><td>osfclient2013-kb3039782-fullfile-x86-glb.exe</td><td>EDF3832CE11FB9E7599AB20ED220332FBFC4D06C</td><td>4D69EF3D968E4A06E8A25D375ED161D9A313FB08734498E4135E36832F2C6161</td></tr></table></div></div><br /></span></div></div></div><br /><br /></div></body></html>