MS16-107: Description of the security update for Outlook 2013: September 13, 2016

Summary
This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS16-107.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.

For a complete list of affected versions of Microsoft Office software, see Microsoft Knowledge Base article KB3185852.

Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues:
  • Enable the DialogAPI 1.1 requirement that is set in Office 2013 applications and the Mailbox 1.4 requirement that is set in Outlook 2013.
  • Translate some terms in multiple languages to make sure that the meaning is accurate.
  • Assume that you disable read receipt functionality in Outlook 2013. When you receive email messages that have a requested SMIME receipt, local copies of email messages bloat the Versions folder on the server that is running Exchange.
  • When you forward IRM email messages, the content is attached as an .msg attachment instead of being inserted into the message body in the new email message.
  • A non-default Retention policy that is applied to shared mailboxes in Outlook does not apply to subfolders that are created in those mailboxes by any user who has permissions to that mailbox in Cached Exchange mode. This causes messages that are moved to those subfolders to inherit the parent folder's retention policy and not honor the policy set by the user. Therefore, the message can be deleted during the wrong period.
  • When you move a junk email message from the Junk E-Mail folder, and you try to download the email message again in Outlook 2013, the email message is moved to the Junk E-Mail folder again.
  • When you use a meeting request in Outlook 2013, Outlook crashes randomly.
How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the "Turn on automatic updating in Control Panel" section of this Safety & Security Center article.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to Microsoft Update Catalog the website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
More information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3185852.

Security update replacement information

This security update doesn't replace any previously released update.

File hash information

Package namePackage hash SHA 1Package hash SHA 2
outlook2013-kb3118280-fullfile-x86-glb.exeCC6AA103504A0A60554FFB41C43E76E55ACB530A77CD29BA08B948F388F7873FAEBF54D783B0A0CA0F4BEE7AC4EFBF143E976D8F
outlook2013-kb3118280-fullfile-x64-glb.exeBEA071667BAF8335B94B502AF16351F6689CFBE1FFF48AF8603524A9C355C8EE9D38913C2CE811DE32B3650FF20BE529E4B2B3AF

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.ERROR: PhantomJS timeout occurred