A Security Update has been released for Outlook 2013. It resolves the following vulnerability;
- CVE-2020-0760: Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker must first convince a user to open a specially crafted Office document.
The updates address the vulnerability by correcting how Office handles type libraries.
Note: Some types of Visual Basic for Applications (VBA) references might be affected by this update. For more information, see FAQ for VBA solutions affected by April 2020 Office security updates.