Description of the security update for Outlook 2013: April 11, 2017

Applies to: Outlook 2013

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0106 and Microsoft Common Vulnerabilities and Exposures CVE-2017-0204.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues:
  • Increases the number of retries when trying to connect to a host in Microsoft Outlook 2013. By default, WinHTTP will try six IP addresses (one initial attempt and five retries) when trying to establish a connection to a host. If Outlook 2013 tries to attempt more than six IP addresses, the connection will fail. This is particularly problematic on networks that have intermittent IPv6 connectivity problems. Increasing the number of retries may allow the connection to succeed with IPv4 addresses. To enable this feature, see KB3178716 for more information.
  • Resolves an issue in which your email address is added to the To field when you "reply all" to an email message of an Outlook.com account.
  • If an Object Model call gets the conversation index of some items in Outlook 2013, Outlook will no longer crash.
  • If an appointment is modified by an add-in by calling body.setAsync, the appointment body that is sent will no longer be blank.
  • When you forward and an email message that contains attachments in Outlook 2013 and you add attachments, the attachments in the email message will no longer be swapped and become corrupted.

Known issues in this security update


After you install this security update, when you use the Quick Print feature in Outlook to print emails that contain attachments, you receive an error stating the attached files cannot be found.

For more information, go to the following article in the Microsoft Knowledge Base:

Deployment information


For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:

How to get and install the update


Method 1: Microsoft Update

Method 2: Microsoft Update Catalog

Method 3: Microsoft Download Center

More Information


Security update replacement information

This security update replaces previously released security update KB3118280.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
outlook2013-kb3172519-fullfile-x86-glb.exe EC8AD48B3E65984BCFB86213D3F374E32D489897 2449DF4B22F042727D5D70B80492F3770EF74E4406C0909D39BD06AF2CA694EF
outlook2013-kb3172519-fullfile-x64-glb.exe 3884596C94EEA6FA4C8DBC0F441FC534349C1145 28A0E8034E52190F4237198F098948CB99D3BE0012AC570575212C7F3FE5E865

File information

For the list of files that cumulative update KB3172519 contains, download the file information for the x86-based update KB3172519 and file information for the x64-based update KB3172519.

How to get help and support for this security update