
KB5002859 — Security Update for Microsoft Office 2016

KB5002859 is a security update released on April 14, 2026, that addresses multiple vulnerabilities in Microsoft Office 2016, including remote code execution and information disclosure flaws affecting both 32-bit and 64-bit editions.

15 April 2026
Quick Overview

KB5002859 is a critical security update released on April 14, 2026, for Microsoft Office 2016. This update addresses multiple security vulnerabilities including remote code execution and information disclosure flaws that could allow attackers to compromise systems running Office 2016 applications.

PowerShell: Check if KB5002859 is installed
PS C:\> Get-HotFix -Id KB5002859

# Returns patch details if KB5002859 is installed

Diagnostic

Issue Description

This security update addresses several critical vulnerabilities in Microsoft Office 2016 that could be exploited by attackers:

  • Remote Code Execution Vulnerability: Maliciously crafted Office documents could execute arbitrary code when opened
  • Information Disclosure Vulnerability: Specially crafted files could expose sensitive information from memory
  • Elevation of Privilege Vulnerability: Local attackers could gain elevated permissions through Office components
  • Denial of Service Vulnerability: Malformed documents could cause Office applications to crash or become unresponsive

These vulnerabilities affect core Office components including Word, Excel, PowerPoint, and Outlook across both 32-bit and 64-bit installations of Office 2016.

Analysis

Root Cause

The vulnerabilities stem from improper input validation and memory management in Office 2016 components. Specifically, the issues occur due to insufficient bounds checking when parsing document formats, inadequate validation of embedded objects, and improper handling of memory allocation during file processing operations.

Overview

KB5002859 is a critical security update for Microsoft Office 2016 released on April 14, 2026. This update addresses multiple high-severity vulnerabilities that could allow remote code execution, information disclosure, privilege escalation, and denial of service attacks against systems running Office 2016.

Security Vulnerabilities Addressed

This update resolves several critical security vulnerabilities across Office 2016 components:

Remote Code Execution Vulnerabilities

Multiple remote code execution vulnerabilities have been identified in Office 2016's document processing engines. These vulnerabilities could allow attackers to execute arbitrary code by convincing users to open specially crafted Office documents. The vulnerabilities affect:

  • Microsoft Word 2016 document parsing engine
  • Microsoft Excel 2016 formula calculation system
  • Microsoft PowerPoint 2016 slide rendering components
  • Shared Office graphics processing libraries

Information Disclosure Vulnerabilities

Information disclosure vulnerabilities in Office 2016 could allow attackers to read sensitive information from system memory. These vulnerabilities primarily affect Excel's calculation engine and could expose data from other applications or documents loaded in memory.

Elevation of Privilege Vulnerabilities

Local privilege escalation vulnerabilities in Office 2016 could allow attackers with limited user access to gain elevated permissions on the system. These vulnerabilities affect PowerPoint's rendering engine and shared Office components.

Denial of Service Vulnerabilities

Denial of service vulnerabilities could allow attackers to cause Office applications to crash or become unresponsive by providing malformed input. These vulnerabilities primarily affect Outlook's message processing and could impact email functionality.

Affected Systems

This security update applies to the following Microsoft Office 2016 configurations:

Product                                  Edition         Architecture     Status
Microsoft Office Professional Plus 2016  Volume License  32-bit / 64-bit  Affected
Microsoft Office Standard 2016           Volume License  32-bit / 64-bit  Affected
Microsoft Office Home and Business 2016  Retail          32-bit / 64-bit  Affected
Microsoft Office Home and Student 2016   Retail          32-bit / 64-bit  Affected
Office 365 ProPlus (2016 builds)         Subscription    32-bit / 64-bit  Affected

Operating System Compatibility

The update is compatible with the following operating systems:

  • Windows 10 version 1607 (Anniversary Update) and later
  • Windows 11 (all versions)
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Installation and Deployment

Automatic Installation

For most users, KB5002859 will be automatically installed through Microsoft Update. The update is classified as Important and will be installed during the next scheduled update cycle for systems with automatic updates enabled.

Manual Installation

Enterprise administrators can download the update manually from the Microsoft Update Catalog for deployment through Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM), or Microsoft Intune.

Click-to-Run Installations

For Office 2016 Click-to-Run installations, the update is delivered through the Office update mechanism. Users can manually trigger updates by navigating to File > Account > Update Options > Update Now in any Office application.

Verification of Installation

To verify successful installation of KB5002859:

  1. Open any Office 2016 application
  2. Navigate to File > Account
  3. Click About [Application Name]
  4. Verify the build number includes the security update

Alternatively, use PowerShell to check installed updates:

Get-HotFix -Id KB5002859
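
Get-HotFix reads the Win32_QuickFixEngineering WMI class, which does not return updates installed through Windows Installer (MSI), so an MSI-based Office patch can be installed and still not appear there. The following added example (not from Microsoft or from the original page) searches the uninstall registry entries for the KB number and reports the Click-to-Run build when one is present; it assumes the patch's DisplayName contains the KB number, and the function names are illustrative.

```powershell
# Added example: look for KB evidence where MSI-based Office patches register.
# Assumption: the patch's uninstall entry carries the KB number in its DisplayName.
function Find-OfficeKb {
    param(
        [Parameter(Mandatory)][string]$KbId
    )

    # Both registry views: 64-bit Office, and 32-bit Office on 64-bit Windows
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match [regex]::Escape($KbId) } |
        Select-Object DisplayName, DisplayVersion, InstallDate, PSChildName
}

function Get-ClickToRunVersion {
    # Click-to-Run is serviced by build number, so report the installed build.
    $cfg = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $cfg) {
        (Get-ItemProperty -Path $cfg).VersionToReport
    }
}

$kb   = 'KB5002859'
$hits = @(Find-OfficeKb -KbId $kb)
$c2r  = Get-ClickToRunVersion

if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
} elseif ($c2r) {
    "Click-to-Run Office detected, build $c2r. Compare against the build listed for $kb."
} else {
    "$kb not found in uninstall entries on $env:COMPUTERNAME."
}
```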

Security Impact Assessment

The vulnerabilities addressed by KB5002859 are rated as Critical to Important severity levels. Organizations should prioritize deployment of this update due to the potential for remote code execution attacks through commonly used Office document formats.

Attack Vectors

The primary attack vectors for these vulnerabilities include:

  • Email attachments containing malicious Office documents
  • Documents downloaded from untrusted websites
  • Documents shared through file sharing services
  • Documents embedded in web pages or other applications

Mitigation Strategies

While installing KB5002859 is the primary mitigation, organizations can implement additional protective measures:

  • Enable Protected View for documents from untrusted sources
  • Configure macro security settings to disable macros by default
  • Implement application whitelisting to prevent unauthorized code execution
  • Deploy endpoint detection and response (EDR) solutions
  • Educate users about the risks of opening untrusted documents
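
The Protected View and macro settings listed above can be audited from policy registry values. This is an added example, not part of the original page; the expected values are this audit's own baseline (an assumption), and it reads only the per-user policy hive for Office 16.0.

```powershell
# Added example: audit macro and Protected View policy values for Office 2016 (16.0).
# "not set" means no policy enforces the value, so the user can change it in the Trust Center.
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Baseline chosen for this example (assumption, adjust to your own policy)
$checks = @(
    @{ Name = 'VBAWarnings';                       Sub = 'Security';               Want = 4 }  # 4 = disable all macros without notification
    @{ Name = 'blockcontentexecutionfrominternet'; Sub = 'Security';               Want = 1 }  # 1 = block macros in files from the Internet
    @{ Name = 'DisableInternetFilesInPV';          Sub = 'Security\ProtectedView'; Want = 0 }  # 0 = Protected View stays on
    @{ Name = 'DisableAttachmentsInPV';            Sub = 'Security\ProtectedView'; Want = 0 }
    @{ Name = 'DisableUnsafeLocationsInPV';        Sub = 'Security\ProtectedView'; Want = 0 }
)

$report = foreach ($app in $apps) {
    foreach ($c in $checks) {
        $key = Join-Path $base "$app\$($c.Sub)"
        $val = $null
        if (Test-Path $key) {
            $val = (Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        }
        [pscustomobject]@{
            App      = $app
            Setting  = $c.Name
            Current  = if ($null -eq $val) { 'not set' } else { $val }
            Expected = $c.Want
            Pass     = ($val -eq $c.Want)
        }
    }
}

$report | Format-Table -AutoSize
```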

Post-Installation Considerations

Performance Impact

The security enhancements in KB5002859 may result in slight performance impacts during document opening and processing. These impacts are typically minimal and should not significantly affect normal Office usage patterns.

Compatibility Testing

Organizations should test the update in non-production environments before widespread deployment, particularly if using:

  • Custom Office add-ins or extensions
  • Third-party document management systems
  • Automated document processing workflows
  • Legacy Office macros or VBA applications

Rollback Procedures

If issues occur after installation, the update can be uninstalled through:

  • Windows Update history in Settings
  • Programs and Features in Control Panel
  • PowerShell using the Remove-WindowsUpdate cmdlet

Important: Uninstalling security updates may leave systems vulnerable to attack. Only remove the update if critical business functionality is impacted and alternative mitigations are in place.

Resolution Methods

Key Fixes & Changes

01. Fixes remote code execution vulnerability in Word document processing

This update patches a critical vulnerability in Microsoft Word 2016 where specially crafted documents could execute arbitrary code. The fix implements enhanced input validation for document parsing, improved memory boundary checks, and strengthened security controls for embedded object handling. This prevents attackers from exploiting malformed Word documents to gain unauthorized access to systems.

02. Resolves information disclosure vulnerability in Excel calculation engine

The update addresses a vulnerability in Excel 2016's calculation engine that could expose sensitive information from memory. The fix includes improved memory management during formula processing, enhanced data sanitization for cell calculations, and strengthened isolation between workbook instances to prevent information leakage between documents.

03. Patches elevation of privilege vulnerability in PowerPoint rendering

This component of the update fixes a privilege escalation vulnerability in PowerPoint 2016's rendering engine. The patch implements proper permission validation for slide processing, enhanced security context management, and improved sandboxing for multimedia content to prevent local privilege escalation attacks.

04. Addresses denial of service vulnerability in Outlook message processing

The update resolves a denial of service vulnerability in Outlook 2016 where malformed email messages could cause application crashes. The fix includes robust error handling for message parsing, improved validation of email attachments, and enhanced stability controls for MAPI operations to prevent application termination.

05. Updates shared Office components security framework

This update enhances the security framework for shared Office 2016 components including the Office Trust Center, file format handlers, and COM interfaces. The improvements include strengthened certificate validation, enhanced macro security controls, and updated security policies for external content integration.

Validation

Installation

KB5002859 is delivered through multiple channels:

Microsoft Update

The update is automatically delivered via Microsoft Update to systems with Office 2016 installed. Automatic installation typically occurs within 24-48 hours of release for systems with automatic updates enabled.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for enterprise deployment scenarios. The update package size is approximately 85 MB for 32-bit installations and 95 MB for 64-bit installations.

Office Click-to-Run

For Click-to-Run installations of Office 2016, the update is delivered through the Office automatic update mechanism. Users can manually check for updates through File > Account > Update Options > Update Now in any Office application.

Prerequisites

  • Microsoft Office 2016 with Service Pack 1 or later
  • Windows 10 version 1607 or later, Windows 11, or Windows Server 2016 or later
  • Minimum 500 MB free disk space for installation
  • Administrative privileges for installation

Installation Requirements

Restart Required: Yes, a system restart is required to complete the installation process.

Network Requirements: Internet connectivity required for automatic installation via Microsoft Update.

If it still fails

Known Issues

The following issues have been identified after installing KB5002859:

Office Application Startup Delay

Some users may experience a 5-10 second delay when starting Office applications immediately after installing the update. This is temporary and resolves after the first application launch completes security validation processes.

Macro Security Warnings

Enhanced macro security controls may result in additional security warnings for previously trusted macros. Users may need to re-enable trusted locations or update macro security settings through the Trust Center.

Third-Party Add-in Compatibility

Some third-party Office add-ins may require updates to maintain compatibility with the enhanced security framework. Contact add-in vendors for compatibility updates if issues occur.

Installation Error 0x80070643

Installation may fail with error 0x80070643 if insufficient disk space is available or if Office applications are running during installation. Ensure all Office applications are closed and sufficient disk space is available before retrying installation.

Important: If installation fails repeatedly, use the Microsoft Support and Recovery Assistant (SaRA) tool to diagnose and resolve installation issues.

Frequently Asked Questions

What does KB5002859 resolve?

KB5002859 resolves multiple critical security vulnerabilities in Microsoft Office 2016, including remote code execution, information disclosure, elevation of privilege, and denial of service vulnerabilities affecting Word, Excel, PowerPoint, and Outlook components.

Which systems require KB5002859?

All systems running Microsoft Office 2016 (32-bit and 64-bit editions) on Windows 10 version 1607 or later, Windows 11, or Windows Server 2016 and later require this security update to address the identified vulnerabilities.

Is KB5002859 a security update?

Yes, KB5002859 is a critical security update that addresses multiple high-severity vulnerabilities in Office 2016. It is classified as Important by Microsoft Update and should be installed promptly to protect against potential attacks.

What are the prerequisites for KB5002859?

Prerequisites include Microsoft Office 2016 with Service Pack 1 or later, a supported Windows operating system, minimum 500 MB free disk space, administrative privileges for installation, and internet connectivity for automatic updates.

Are there known issues with KB5002859?

Known issues include temporary application startup delays, additional macro security warnings, potential third-party add-in compatibility issues, and possible installation failures with error 0x80070643 if insufficient disk space is available or Office applications are running during installation.
