A Security Update has been released for Outlook 2013. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).
This update also contains additional fixes for 4 non-security issues.
- When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and the UPN in a user’s Outlook profile file are not changed.
- You can’t switch between accounts on a custom form by using the Accounts button.
- When running Outlook in online mode, “Cc” recipients may not appear in the email message.
- This update also enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.