This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 94%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hello everyone, i am trying to understand how office (msi not C2R) patches work. Are office patches cumulative? Our security department sometimes sends us a list of machines that need some old patch and i am trying to find the easiest way to patch it. They provide "Proof" that look something like this.
MS15-116: Security Update for Microsoft Office to Address Remote Code Execution (3104540)
<p></p><p>Vulnerable software installed: Office 2013</p><ul><li>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A20000000100000000F01FEC\InstallProperties - key exists</li><li>The Office component Microsoft Office 64-bit Components 2013 is running an affected version - 15.0.4569.1506</li><li>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A20000000100000000F01FEC\Patches\0E6DC534DA270DD4AAB0FCBEF35FA7FD - key does not exist</li><li>KB3101371 is not installed</li></ul>
But when i search for that KB number in SCCM it doesn't have any patches with that KB number. I am wondering if it would be better to apply some newer patch (like KB3115256 for example).
But really i am just trying to wrap my head around office patches in general. Do we have to install every possible old patch that may be missing. or would applying the latest patch solve the same problem?
Is there a sort of all inclusive update rollup or some update pack that would catch everything up to something more recent?
If we use SCCM is there something we would need to do to include older patches like this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 24%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
@jaybird283
But when i search for that KB number in SCCM it doesn't have any patches with that KB number. I am wondering if it would be better to apply some newer patch (like KB3115256 for example).
Yes, it is recommended to deploy the latest security updates for the clients. Here is the update history for you:
https://learn.microsoft.com/en-us/officeupdates/office-updates-msi
But really i am just trying to wrap my head around office patches in general. Do we have to install every possible old patch that may be missing. or would applying the latest patch solve the same problem?
It is recommended to deploy the latest one. In my opinion, the software updates for Office are cumulative in the most case. Here is a related I found right now and I want to share on this forum.
https://learn.microsoft.com/en-us/previous-versions/office/office-2013-resource-kit/cc178995(v=office.15)
Hope the above will be helpful.
Best regards,
Rita
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Office update are not cumulative except service pack's one, which include some older.
Does the SCCM is synced with a WSUS server which have Office 2013 product listed ? Try to search the KB inside your WSUS's server. Your security department might have used another tool to list the needed update.
@Rita Hu -MSFT The second link you sent doesn't appear to work. but i think you may be right that most patches are cumulative. Thank you for your reply.