Once again it’s Microsoft’s so-called Patch Tuesday. And today a total of 47 patches were releases via Windows Update. If you’re running Outlook 2007 or 2010 one update in particular you’ll want to verify you have is MS13-068:
This security update resolves a privately reported vulnerability in Microsoft Outlook. The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Microsoft Outlook 2007 and Microsoft Outlook 2010.
What Does This Mean?
What this means is a bad guy could use Outlook 2007 or 2010 to gain control of your system remotely. What makes this particularly alarming is that it wouldn’t require any action from the user, other than having an infected email message display in the preview Window in Outlook. It looks like this only affects users of Outlook 2007 or 2010.
Just a reminder to make sure you have Windows set to automatically download and install updates. This way you can be sure you’re protected against new vulnerabilities in Windows and Microsoft Office. Also, once in a while it’s a good idea to run Windows Update manually in case Microsoft releases one off patches – which it sometimes does for zero day exploits.
After installing today’s updates, you can verify you’re Outlook is patched by going to Control Panel > Windows Update and look for (KB2756473). If it’s there you’re good to go.
Microsoft issued 13 bulletins and four of them are critical and each involves Remote Code Execution on Outlook, Internet Explorer and SharePoint. Other programs patched today are Internet Explorer, Office, and Active Directory – just to name a few.
Fix the Rogue Outlook 2013 Widows Update – Empty Folder Pane
Of course there are updates for users of Office 2013 today too. One of them, which isn’t critical, breaks the folder pane in Outlook 2013 and leaves the folder pane empty. The culprit is (KB2817630). It’s not a critical update, it’s supposed to contain bug fixes, stability and performance improvements. Well, several users on TechNet forums have reported the same problem, myself included. Here is what happened to my folders pane – completely empty:
To fix the issue, go in to updates and remove the offender to fix.
Annoyingly you’re prompted to restart to complete the uninstall.
On my Windows 8 Pro 64-bit system running Outlook 2013 32-bit I closed out of Outlook, uninstalled the update, closed out of the reboot message, and relaunched Outlook and the Folders were back and everything seemed to work correctly. I did end up restarting later for good measure though.
“Shortly after publishing the September Public Update, we received notifications of a potential issue with Outlook 2013 after installing the non-security update KB2817630. Based on those reports we immediately removed the patch from Microsoft Update. If you haven’t already downloaded or installed the patch, you will not have these problems or be offered the problematic patch.”