The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 3 security updates for Access, (1), Outlook (1), and Shared Office Components (1). The details about the Outlook vulnerability can be found below;
- CVE-2024-38020: Microsoft Outlook Spoofing Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- Exploitation of the vulnerability requires that a user opens a specifically crafted file.
- An attacker who successfully exploited this vulnerability could allow the disclosure of NTLM hashes.
- The Preview Pane is not an attack vector.
- The Exploitability Assessment is rated: Exploitation Less Likely.
In addition, it contains 2 non-security fixes related to Outlook Current Channel Version 2406, and 10 fixes related to Outlook Monthly Enterprise Version 2405.
- Version 2506
- We resolved an issue where characters don’t appear correctly in Text Box Gallery.
- Resolved an issue when assigning a Task in Outlook, characters may not render correctly. (Word)
- Version 2505
- We fixed an issue that caused Outlook users with E3 licenses to be unable to open protected meeting invitations without going to the web.
- We fixed an issue that caused users to see no prompt to send updates to attendees after removing attendees from a meeting on a shared calendar where the location of the meeting was set.
- We fixed an issue that caused users to see incorrect label information when they had 2 or more email windows open while a message with a label was displayed in the preview pane.
- We fixed an issue that caused the “Edit Meeting” button to disappear when a series exception is the first item opened in the Outlook session.
- We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
- We fixed an issue that caused users to be unable to view the “Permission granted by” information on Digitally Rights Managed messages.
- We fixed an issue that caused users to be unable to open some search results when searching their Online Archive.
- We added support for converting some COM add-ins to Web add-ins.
- We fixed an issue that prevented users from sending mail for a few hours after updating add-ins with on-send events.
- Resolved an issue in Outlook where background images wouldn’t render correctly, requiring the user to scroll or click into the message for the image to appear. (Word)
Version 2402 has now also been released to the Semi-Annual Enterprise Channel but currently without any Release Notes. However, going by the Release Notes of the Preview releases, there are no new features for Outlook this time.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2406 (Build 17726.20160) - Monthly Enterprise
Version 2405 (Build 17628.20188)
Version 2404 (Build 17531.20210) - Semi-Annual Enterprise (Preview)
Version 2402 (Build 17328.20452) - Semi-Annual Enterprise
Version 2402 (Build 17328.20452)
Version 2308 (Build 16731.20738)
Version 2302 (Build 16130.21042) - Outlook LTSC 2021
Version 2108 (Build 14332.20736) - Outlook 2019 Volume Licensed
Version 1808 (Build 10412.20006)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.
