A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.
It contains 6 security updates for Excel (2), Word (1) and Office (3). The following vulnerability and its fix also affects Outlook;
- CVE-2020-0760: Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker must first convince a user to open a specially crafted Office document.
The updates address the vulnerability by correcting how Office handles type libraries.
Note: Some types of Visual Basic for Applications (VBA) references might be affected by this update. For more information, see FAQ for VBA solutions affected by April 2020 Office security updates.
In addition, it contains 1 documented non-security fixes for Outlook Monthly, 2 for Semi-Annual 1908 and 4 for Semi-Annual (Targeted) 2002. Most notable fixes are;
- Monthly and Targeted: Addressed an issue that caused users to occasionally experience a crash when using the X button on the mouse.
- Targeted: Addressed an issue that caused the Save to Cloud button to be missing from Attachment Tools.
- Semi-Annual 1908: Addressed an issue that caused customers to see an empty room list in some scenarios.
- Semi-Annual 1908:
Addressed an issue that caused users to experience a crash when shutting down Outlook.
Based on your release channel, you’ll be updated to the following version;
- Office 365, Outlook 2016 Retail, Outlook 2019 Retail
Version 2003 (Build 12624.20442) - Office 365 Semi Annual (Targeted)
Version 2002 (Build 12527.20442) - Office 365 Semi Annual
Version 1908 (Build 11929.20708)
Version 1902 (Build 11328.20564) - Outlook 2019 Volume License
Version 1808 (Build 10358.20061)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.