The following security bulletin could affect SharePoint and Owa:

This security update resolves multiple privately reported vulnerabilities in Microsoft Office server and productivity software. The most severe of these vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint server.

This security update is rated Critical for supported editions of Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013, Microsoft Office Web Apps 2010, Microsoft Office Web Apps Server 2013, Microsoft SharePoint Services 3.0, and Microsoft SharePoint Foundation 2010, Microsoft SharePoint Foundation 2013, Microsoft SharePoint Designer 2007, Microsoft SharePoint Designer 2010, and Microsoft SharePoint Designer 2013. For more information, see the Affected and Non-Affected Software section.

The security update addresses the vulnerabilities by correcting how SharePoint Server and Web Applications sanitize specially crafted page content. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability later in this bulletin.

click here for more information