A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.
It contains 6 security updates for Excel (3), Outlook (1), Skype (1) and Office (1). Details about the Outlook vulnerability;
- CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
In addition, an Outlook issue has been addressed that caused current folder search to intermittently fail.
Based on your release channel, you’ll be updated to the following version;
- Office 365, Outlook 2016 Retail, Outlook 2019 Retail
Version 1906 (Build 11727.20244) - Outlook 2019 Volume License
Version 1808 (Build 10348.20020) - Office 365 Semi Annual Channel
Version 1902 (Build 11328.20368)
Version 1808 (Build 10730.20360)
Version 1803 (Build 9126.2428)
Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.