Two security bulletins created and delivered this month revolve around a Remote Execution vulnerability. The bulletins released prior to the launch of Office 2016 on September 22nd. Unfortunately, launching after the bulletins were revealed wasn’t enough to protect Office 2016 against the vulnerabilities.
Microsoft has now updated two of this month’s bulletins to include Office 2016 as vulnerable and needing patches for protection, and to make the updates available.
For Skype for Business 2016: Microsoft Security Bulletin MS15-097 - Critical
For Office 2016: Microsoft Security Bulletin MS15-099 - Critical