To determine the support lifecycle for your software release, see (). It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. For more information about the product lifecycle, see the () website. Other releases are past their support life cycle. The affected software listed in this bulletin has been tested to determine which releases are affected. **I am using an older release of the software discussed in this security bulletin.
The MSO update may be offered to systems running any affected Microsoft Office 2013 product that uses the shared component.įor more information on this behavior and recommended actions, see (). In addition, CVE-2014-1808 affects a shared component used by Microsoft Office 2013 software. However, you may be offered the proofing tools update for your version of Microsoft Office even if you do not specifically have the Chinese (Simplified) Grammar Checker. For example, only systems that have the Chinese (Simplified) Grammar Checker are vulnerable to CVE-2014-1756. Why am I being offered this update?**ĭue to the servicing model for Microsoft Office updates, you may be offered updates for software that you do not have installed on your system. **I am being offered this update for software I do not have installed on my system. Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office 2013 RT Service Pack 1 (mso) Microsoft Office 2013 RT Service Pack 1 (proofing tools) Microsoft Office 2013 RT (proofing tools) **Microsoft Office 2013 and Microsoft Office 2013 RT** To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle. Other versions or editions are either past their support life cycle or are not affected. The following software has been tested to determine which versions or editions are affected. See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.
For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.įor administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service. Customers who have not enabled automatic updating need to check for updates from Microsoft Update and install this update manually. Customers who have automatic updating enabled and configured to check online for updates from Microsoft Update typically will not need to take any action because this security update will be downloaded and installed automatically. Recommendation. Customers can configure automatic updating to check online for updates from Microsoft Update by using the Microsoft Update service. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry later in this bulletin. The security update addresses the vulnerabilities by helping to ensure that the Chinese (Simplified) Grammar Checker feature in Microsoft Office properly verifies file paths before loading external libraries and by helping to ensure that Microsoft Office software properly handles specially crafted responses from websites.
For more information, see the Affected and Non-Affected Software section. This security update is rated Important for supported editions of Microsoft Office 2007, Microsoft Office 2010, and Microsoft Office 2013. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
The most severe vulnerability could allow remote code execution if a user opens an Office file that is located in the same network directory as a specially crafted library file. This security update resolves two privately reported vulnerabilities in Microsoft Office. Version: 1.1 General Information Executive Summary In this article Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)