MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: April 8, 2014

<html><body><p>Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.</p><h2>Introduction</h2><div>This update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.<br /><span></span></div><h2>Summary</h2><div>Microsoft has released security bulletin MS14-017. Learn more about how to obtain the fixes included in this security bulletin: <ul><li>For individual, small business and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see <a href=“https://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br /></li><li>For IT professionals, see <a href=“https://technet.microsoft.com/security/bulletin/ms14-017” target=“_self”>Microsoft Security Bulletin MS14-017</a> on the Security TechCenter website.</li></ul>To have us fix this problem for you, go to the “<a href=”#fixitforme" target>Fix it for me</a>" section.<br /><a></a></div><h2>Fix it for me</h2><div>The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios. <br /><br />For more information about this workaround, go to the following Microsoft Security Advisory webpage: <div><a href=“https://technet.microsoft.com/security/advisory/2953095” target=“_self”>https://technet.microsoft.com/security/advisory/2953095</a></div> The advisory provides more information about the issue. This includes the following:<br /><ul><li>The scenarios in which you might apply or disable the workaround. </li><li>How to manually apply the workaround. </li></ul>Specifically, to see this information, expand the <strong>Suggested actions</strong> section, and then expand the <strong>Workarounds</strong> section.<br /><br /><br />To enable or disable this Fix it solution, click the <strong>Fix it</strong> button or link under the <strong>Enable this fix it</strong> heading or under the <strong>Disable this fix it</strong> heading, click <strong>Run</strong> in the<strong> File Download</strong> dialog box, and then follow the steps in the Fix it wizard.<br /><br /><h3>Disable opening RTF content in Microsoft Word </h3><div><table><tr><th>Enable this fix it</th><th>Disable this fix it</th></tr><tr><td><span><div></div></span></td><td><span><div></div></span></td></tr></table></div></div><h2></h2><div><h3>How to obtain help and support for this security update</h3>Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <a href=“https://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware: <a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a></div><h2></h2><div><h3>More information about this security update</h3><h4>Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link. <br /><ul><li><a href=“https://support.microsoft.com/en-us/help/2878303”>2878303 </a> MS14-017: Description of the security update for Word 2003: April 8, 2014<br /><br />The following are the known issues in security update 2878303. For more information about these known issues, see security update 2878303.<ul><li><a href=“https://support.microsoft.com/en-us/help/830335”>Microsoft Update or Windows Update may offer this update </a> even though you do not have a Microsoft Office 2003 application installed.</li></ul><br /></li><li><a href=“https://support.microsoft.com/en-us/help/2878237”>2878237 </a> MS14-017: Description of the security update for Word 2007: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2863926”>2863926 </a> MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2863919”>2863919 </a> MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2863910”>2863910 </a> MS14-017: Description of the security update for Office 2013 and Office 2013 RT: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2939132”>2939132 </a> MS14-017: Description of the Microsoft Office for Mac 2011 14.4.1 Update: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2878304”>2878304 </a> MS14-017: Description of the security update for Word Viewer: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2878236”>2878236 </a> MS14-017: Description of the security update for the Office Compatibility Pack: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2863907”>2863907 </a> MS14-017: Description of the security update for Word Automation Services in Microsoft SharePoint Server 2013: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2878220”>2878220 </a> MS14-017: Description of the security update for Word Automation Services in SharePoint Server 2010: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2878221”>2878221 </a> MS14-017: Description of the security update for Word Web Apps: April 8, 2014</li><li><a href=“https://support.microsoft.com/en-us/help/2878219”>2878219 </a> MS14-017: Description of the security update for Office Web Apps Server 2013: April 8, 2014<br /><br />The following are the known issues in security update 2878219. For more information about these known issues, see security update 2878219.<br /><br /><ul><li>This security update may fail to install on a computer that is running Microsoft Web Apps Server 2013 if the computer also has Office 2013 Service Pack 1 (SP1) installed. Microsoft is researching this problem. We will post more information in this article when the information becomes available.</li></ul></li></ul></div><h2></h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>kb2428677-x-none.cab</td><td>84F6286DF13E6B93A9705B5F91152F55C225024D</td><td>2FD499117A530D8B26413AB45FFB7ECFD8F2BEFFB5B9D58E550899C12F704232</td></tr><tr><td>kb24286772010-kb2863919-fullfile-x64-glb.exe</td><td>40043FEEC9F89695C22927074883AA9D381D8B39</td><td>D73A6AED2A72C40AD1ED9CB9904A18856C50629B29AC074056219FF1C2C0CA29</td></tr><tr><td>kb24286772010-kb2863919-fullfile-x86-glb.exe</td><td>955AB046A3267D26D405B139FDAD0F1C4B015158</td><td>0B5929C95F44FB4540D64BE371D391E2EEFB861CE7FF740292983368EBF9FB1F</td></tr><tr><td>office-kb2878304-fullfile-enu.exe</td><td>698AE4AC7B43760FE18D306CDED55DE90DF8E579</td><td>F974DD24FCA3021B79908DB6BD27FD8C3E0E844631D2E2F8A0BEBC7020F854BE</td></tr><tr><td>office2003-kb2878303-fullfile-enu.exe</td><td>D3B434449A65F57B171520432F22A7D8FBB28E30</td><td>B1996F28AE06263FDFECD5727FB5F57DD08DB2AE0212AD1330E509D1AC8BA089</td></tr><tr><td>wac2010-kb2878221-fullfile-x64-glb.exe</td><td>DBE134930FC06C61C60BDA1C7CAF99933CE817D8</td><td>9A582D40F4D92C6BE2A2B88D1575524257C3ABADC9DDB6EEE54FECDF4E2D7D12</td></tr><tr><td>wacserver2013-kb2878219-fullfile-x64-glb.com</td><td>1C2A41EF7BD7A488F5B6B59D587CA3854B505107</td><td>BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482</td></tr><tr><td>wacwfe-x-none.cab</td><td>6BC849AEB392C26A780D6F18235202A0F1635C78</td><td>C44397B6B305B325056D0904FAA862336EFEB433E36642AAE78825B2C4EF75B4</td></tr><tr><td>wdsrv-x-none.cab</td><td>339197E759CB1EC8433C0779C1106190EE6E6C9A</td><td>1A6A639F619B8AC89968A71D86E9683C9DBEFE81E1FD0051BEFC6073CE60CAA6</td></tr><tr><td>wdsrv2010-kb2878220-fullfile-x64-glb.exe</td><td>95B5D9D062AA3056DD5DAD2D8DB35F5017D830BD</td><td>9A7EDBD94A36E8EEC7A10383E854156335583F25C79BA406FD6292EE1C625DD0</td></tr><tr><td>wdsrv2013-kb2863907-fullfile-x64-glb.com</td><td>1C2A41EF7BD7A488F5B6B59D587CA3854B505107</td><td>BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482</td></tr><tr><td>winword.cab</td><td>279A31F2376C3660950C7F06510B46D3C498A71E</td><td>FB5B84337FEA9045F7E880D651DB5306B3AE79B611E01AB934305AB8F205236C</td></tr><tr><td>word-x-none.cab</td><td>4BD19FF8CA9D05E388F1EAB8419FE16927B72BE7</td><td>FCD67C549C83EE9E44685247D96358EE0B601541B3D92C72728FB3D0E1F3FBD6</td></tr><tr><td>word2007-kb2878237-fullfile-x86-glb.exe</td><td>09EBD8FBC87C1BEE1D0A225049CF05A39F56AD42</td><td>A75A5D26795C6508B7ADD79BDC9C679FABAC7C4A7D6F44C493831C087E79B025</td></tr><tr><td>word2010-kb2863926-fullfile-x64-glb.exe</td><td>2DEB6470A7BB6D3ACAAA245CBD32E90E211501D0</td><td>5D0AC2F18A8E9C28113DD4BB39DE6EDB9788ADBB4EE457C5A2110D95A8EBD7CF</td></tr><tr><td>word2010-kb2863926-fullfile-x86-glb.exe</td><td>4443EE157D41A1D1B607DA9A5DB7460AB10E0268</td><td>614BF3CB0865196712688809E49A822F38CD3A0FDA54F4128D4A26A8CD1B28B5</td></tr><tr><td>word2013-kb2863910-fullfile-x86-glb.com</td><td>87BA717A5AF4DF194A9BAE62896803DE1F1ECB41</td><td>6EEAAC3E286489D7B2BD8BB55C47A68B60FEE7A18D029D0D0765F592182BB201</td></tr><tr><td>wordconv-x-none.cab</td><td>2FBC7FA50DB766AB345E51CAE28B807B2DD2893C</td><td>574CE7400C9C639E66D72F05DA9EFBAA242CA71DF633FB9DF434B6341E754B9D</td></tr><tr><td>wordconv2007-kb2878236-fullfile-x86-glb.exe</td><td>F73D78151781E07B86F9124FDF590FD42CC7041D</td><td>94DC02B8337FBACFC955A5C3E579073E36B7A899E4120323751D0C08476E5524</td></tr><tr><td>wordview.cab</td><td>B530CBB154E5F51101912C61024EBE98996B578C</td><td>B8F30F3401765973AEEB761BC65EFEC9817675D4E1AE2E0D3F1649E41F1E7B2E</td></tr></table></div></div><br /></span></div></div></div></div></body></html>