A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.
It contains 8 security updates for Excel (6), Outlook (1) and PowerPoint (1).
The details about the Outlook vulnerability;
- CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
The Preview Pane is not an attack vector.
In addition, it contains no documented non-security fixes for Outlook Current Version 2011 (but there were 2 fixes last week), 2 features and 9 fixes for Monthly Enterprise Version 2010, 8 fixes for Semi-Annual (Preview) Version 2008 and 1 fix for Semi-Annual Enterprise Version 2002. Most notable fixes are;
- Version 2011 and Version 2010
We fixed an issue that caused the original attendees of some meetings to receive a cancellation when another attendee forwards the meeting. - Version 2011 and Version 2010
We fixed an issue that caused some users to see no signatures in the signatures drop down despite having one or more signatures configured. - Version 2010 – User Experience Updates for Tasks
A visual refresh of task items. - Version 2010 – Switch Office themes automatically
Office can automatically switch themes to match your Windows 10 theme settings.
File > Office Account and choose “Use system setting” under the Office Theme drop-down. - Version 2008
We fixed an issue that caused inline images to disappear when replying to a message with a protection label from Azure Information Protection. - Version 2008
We fixed an issue that caused the user name to be displayed as a phone number when sending an Azure Protected Voicemail, causing Outlook Desktop users to be unable to open voicemails from external users. - Version 2008 and Version 2002
We fixed an issue where setting up OME Configuration was adding an extraneous attachments on the mail item which was forcing Outlook to Encrypt the message even though the DecryptAttachmentsForEncryptOnly option was setup on the service side.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
Version 2011 (Build 13426.20332) - Monthly Enterprise
Version 2010 (Build 13328.20478)
Version 2009 (Build 13231.20620) - Semi-Annual Enterprise (Preview)
Version 2008 (Build 13127.20910) - Semi-Annual Enterprise
Version 2002 (Build 12527.21416)
Version 1908 (Build 11929.20984) - Outlook 2019 Volume License
Version 1808 (Build 10369.20032)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.