A security update has been released for Outlook 2013. It resolves the vulnerability described in CVE-2018-8244, which could allow remote code execution via a specially crafted Office file.
Additional fixes in this update:
- If the “PR_EMSMDB_CRED_USERNAME” property is not present in user profiles, some users may experience too many calls to the user principal name (UPN) lookup. To fix this issue, follow the instructions in KB4022165.
- This update adds AES 256 encryption as a supported scheme when Outlook 2013 is in FIPS-compliant mode.
- When you forward a meeting request that is created in Outlook 2016, the attachment is missing if the AllowHTMLCalendarContent registry key value is set to 1.
- After you install or update an Outlook add-in, multiple network calls (getAppManifest calls) are made to retrieve Exchange add-in manifest data.
- This update adds translations in all languages for the fix of an issue that caused recipients to be unable to see attachments on meeting requests sent with attachments.