A Security Update has been released for Outlook 2016. It resolves the following vulnerability;
- CVE-2024-38173: Microsoft Outlook Remote Code Execution Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- An attacker must gain access to the victim user’s Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully.
- Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability.
- The Preview Pane is an attack vector.
- The Exploitability Assessment is rated: Exploitation Less Likely.
View: Download information for KB5002626
Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5461.1001. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.
