Outlook 2013 Security Update for November 2018

A Security Update has been released for Outlook 2013. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

This update also contains additional fixes for 4 non-security issues.

  • When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and the UPN in a user’s Outlook profile file are not changed. 
  • You can’t switch between accounts on a custom form by using the Accounts button.
  • When running Outlook in online mode, “Cc” recipients may not appear in the email message.
  • This update also enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

View: Download information for KB4461486

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5085.1000.