Description of the security update for Outlook 2013: June 13, 2017

Applies to: Microsoft Office 2013 Service Pack 1

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8506, Microsoft Common Vulnerabilities and Exposures CVE-2017-8507, and Microsoft Common Vulnerabilities and Exposures CVE-2017-8508.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.

Known issues in this security update


Issue 1

When you open an attachment that includes consecutive dots (...), or an exclamation point (!), the files are blocked and you receive a warning message. See You receive an error when opening attachments in Outlook for more information.

Issue 2

If an email message includes an attached email message, and the attached email message's subject line ends with an unsafe file name extension as listed in the Blocked attachments in Outlook page, the email attachment will be blocked for recipients. To fix this issue, save the email message to the computer and rename its subject line so that it does not end with an unsafe file name extension. Then, attach it to the email message to be sent.

Issue 3

When you open attachments that use ShowLevel1Attach, you receive this message:

"One or more objects in this file have been disabled due to your policy settings".

See You receive an error when opening attachments in Outlook for more information.

Issue 4

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues:
  • Enable users to install and manage add-ins in Outlook 2013 rather than in the Outlook Web App.
  • By default, disables the rule actions to start an application or run a macro in Outlook 2013. If necessary, you can re-enable them by setting the EnableUnsafeClientMailRules registry value. See KB3191893 for more information.
  • Add the AutoDiscover URL for the Office 365 German Cloud (https://autodiscover-s.outlook.de) to the list of trusted AutoDiscover URLs to avoid a prompt when creating a mail profile with an Office 365 mailbox.
  • Fixes the following issues:
    • Resolves an issue for some Japanese IMAP accounts where after upgrading from Japanese Outlook 2010 to Japanese Outlook 2013, there are two Sent Items (送信済みアイテム) folders.
    • The proxy authentication doesn't work for the HTTP Redirect method in Outlook 2013. However, the proxy authentication still applies to other auto discover steps. Therefore, you may not able to create profiles for cloud mailboxes.
    • When you try to forward an email message in Outlook 2013, unexpected UI label (attachments label) appears. This issue occurs after you install December 6, 2016, update for Outlook 2013 (KB3127975).
    • When the binary data that is defined by a policy nudge is an exact multiple of 4k for Outlook 2013, Outlook 2013 may crash.
    • You can't add a delegate in Outlook 2013 if the Text Messages feature is enabled on the server.

    • With Add-ins, calling GetUserIdentityTokenAsync and MakeEwsRequestAsync at about the same time will result in one of them erroring out.

    • After you switch networks on a computer, Outlook 2013 sometimes won't reconnect to the Microsoft Exchange server.

    • An Add-in (web extension) returns an incorrect Exchange Web Services (EWS) URL if the internal and external EWS URLs are different.

    • The To-Do bar only displays recurring meetings in some cases.

How to get and install the update


Method 1: Microsoft Update

Method 2: Microsoft Update Catalog

Method 3: Microsoft Download Center

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: June 13, 2017.

Security update replacement information

This security update replaces the previously released update KB3172519.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
outlook2013-kb3191938-fullfile-x86-glb.exe 7E91B670B035B2A140DCAE6A7B6797ABBA94F0CB 29E24ABD959D4EB9AC0B19F9B8274477C67111DA87486E878A478AB0DCD2CF37
outlook2013-kb3191938-fullfile-x64-glb.exe 5D49CD6BEE4836EE711980FA622A975298E5633F FE3D65CEAE4136DFD9A918506528A81AE6EF71B1EDE002E415A555FE7F354CFB

File information

How to get help and support for this security update


Help for installing updates: Windows Update FAQ

Security solutions for IT professionals:
TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware:
Microsoft Secure

Local support according to your country:
International Support

Propose a feature or provide feedback on Office Core: Office User Voice portal