A security update has been released for Outlook 2007, Outlook 2010 and Outlook 2013 (including Outlook 2013 RT) to address a vulnerability which could allow information disclosure.
An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.
The security update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted S/MIME email messages.
Note: The Outlook 2013 version of this update also contains the fixes mentioned in Hotfix KB2825677 which includes the To-Do Bar showing appointments for upcoming days.
View: More details and download information for KB2825644 (Outlook 2007)
View: More details and download information for KB2837597 (Outlook 2010)
View: More details and download information for KB2837618 (Outlook 2013)
View: Microsoft Security Bulletin MS13-094 – Important