The December security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 2 security updates for Outlook (1) and Word (1). The details about the Outlook vulnerability can be found below;
- CVE-2023-35636: Microsoft Outlook Information Disclosure Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- Exploitation of the vulnerability requires that a user open a specially crafted file.
- The Preview Pane is not an attack vector.
- The Exploitability Assessment is rated: Exploitation Less Likely.
In addition, it contains 1 non-security fix related to Outlook Current Channel Version 2311, 1 new feature and 13 fixes related to Outlook Monthly Enterprise Version 2310, 5 fixes related to Outlook Semi-Annual (Preview) Version 2308, and 1 fix related to Outlook Semi-Annual Version 2302. Most notable fixes are;
- Version 2311
- We fixed an issue where the message list was blank when switching between the “Focused” and “Other”. views.
- Version 2310
- Teams Meeting Apps now work in Outlook too
Now, you can configure a meeting app while scheduling an invite in Outlook. This meeting app will be ready to use when you chat or join the meeting on Teams. - We fixed an issue that caused a meeting update to be sent to all attendees when clicking on “cancel” in the “Send Update to Attendees” dialog.
- We fixed an issue that caused Outlook to fail to comply with the default browser settings for some users.
- We fixed an issue where Microsoft account users were missing their Outlook Add-ins.
- We fixed an issue where new lines were added to an Outlook signature when pressing Enter in the body of the email.
- Version 2308
- We fixed an issue that caused delegates to be unable to view their manager’s private calendar items even when granted permission.
- We fixed an issue where setting Breaks to Continuous changed to Page after a Mail Merge.
- Version 2302
- We fixed an issue that caused SafeLinks to fail to launch properly when the target document was in a nested folder.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2311 (Build 17029.20108) - Monthly Enterprise
Version 2310 (Build 16924.20180)
Version 2309 (Build 16827.20324) - Semi-Annual Enterprise (Preview)
Version 2308 (Build 16731.20460) - Semi-Annual Enterprise
Version 2302 (Build 16130.20868)
Version 2208 (Build 15601.20832) - Outlook LTSC 2021
Version 2108 (Build 14332.20615) - Outlook 2019 Volume Licensed
Version 1808 (Build 10405.20015)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.