The February security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 6 security updates for Outlook (2), Visio (1), Word (1), and Office (2). The details about the Outlook vulnerabilities can be found below;
- CVE-2024-21378: Microsoft Outlook Remote Code Execution Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- Exploitation of the vulnerability requires that a user open a specially crafted file.
- The Preview Pane is an attack vector.
- The Exploitability Assessment is rated: Exploitation More Likely.
- CVE-2024-21402: Microsoft Outlook Remote Code Execution Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- If the attacker successfully exploits the vulnerability, the attacker would gain the rights of the user that is running the affected application.
- The Exploitability Assessment is rated: Exploitation Less Likely.
In addition, it contains 1 non-security fix related to Outlook Current Channel Version 2401, and 7 fixes related to Outlook Monthly Enterprise Version 2312.
- 2401
- We fixed an issue where the App Search bar was unexpectedly appearing above the message list in Outlook 2016 and Outlook 2019.
- 2312
- We fixed an issue that caused Outlook to exit unexpectedly when opening embedded mail attachments in another application.
- We fixed an issue where the list of invalid recipients was showing duplicates.
- We fixed an issue where Mail Tips were not showing for attachments.
- We fixed an issue that caused Data Loss Prevention features to be unexpectedly disabled when disabling Optional Connected Experiences.
- We fixed an issue where Skype for Business was shutting down unexpectedly at start up.
- We fixed an issue where the message list was blank when switching between the “Focused” and “Other” views.
- We fixed an issue that caused Outlook to exit unexpectedly after discarding an edit to a received single instance meeting.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2401 (Build 17231.20236) - Monthly Enterprise
Version 2312 (Build 17126.20190)
Version 2311 (Build 17029.20178) - Semi-Annual Enterprise (Preview)
Version 2308 (Build 16731.20550) - Semi-Annual Enterprise
Version 2308 (Build 16731.20550)
Version 2302 (Build 16130.20916)
Version 2208 (Build 15601.20870) - Outlook LTSC 2021
Version 2108 (Build 14332.20637) - Outlook 2019 Volume Licensed
Version 1808 (Build 10407.20032)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.
