A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following 6 vulnerabilities;
- CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576
Which could allow remote code execution via a specially crafted Office file. - CVE-2018-8582
Which could allow remote code execution when importing a specially crafted rwz-file (rules export). - CVE-2018-8558 and CVE-2018-8579
Which could lead to information disclosure as users could share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.
Based on your release channel, you’ll be updated to the following version;
- Office 365, Outlook 2016 Retail, Outlook 2019 Retail
Version 1810 (Build 11001.20108) - Outlook 2019 Volume License
Version 1808 (Build 10338.20019) - Office 365 Semi Annual Channel
Version 1803 (Build 9126-2315)
Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.