A Security Update has been released for Outlook 2013. In addition to resolving the vulnerabilities, it also contains 12 documented improvements and fixes.
Most notable fixes and improvements are:
- Resolves the vulnerabilities mentioned in CVE-2017-8506, CVE-2017-8507, and CVE-2017-8508 which could allow remote code execution if a user opens a specially crafted Office file or email message.
- Enable users to install and manage (web) add-ins in Outlook 2013 rather than in the Outlook Web App.
- Disables the message rule actions to start an application or run a macro (VBA script). To re-enable them, you can set the EnableUnsafeClientMailRules Registry value.
- After you switch networks on a computer, Outlook 2013 sometimes won’t reconnect to the Microsoft Exchange server.
View: Download information for KB3191938
Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 15.0.4937.1000.
