The August security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 7 security updates for Excel (2), Outlook (1), PowerPoint (1), Project (1), Visio (1), and Shared Office Components (1). The details about the Outlook vulnerability can be found below;
- CVE-2024-38173: Microsoft Outlook Remote Code Execution Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- An attacker must gain access to the victim user’s Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully.
- Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability.
- The Preview Pane is an attack vector.
- The Exploitability Assessment is rated: Exploitation Less Likely.
In addition, it contains 10 non-security fixes related to Outlook Monthly Channel Version 2406.
- We resolved an issue where characters don’t appear correctly in Text Box Gallery.
- We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
- We fixed an issue that caused users to see Outlook exit unexpectedly when declining a meeting and sending a response.
- We fixed an issue where a MailTip would disappear and render an attachment not detectable after an email with an attachment containing sensitive information was forwarded.
- We fixed an issue that caused Copilot drafts to display incorrectly with non-Latin character sets.
- We fixed an issue that caused users to be unable to see the categories they applied to an email until after they closed the email window.
- We fixed an issue that caused Outlook to exit unexpectedly shortly after launch for some users.
- We fixed an issue that prevented users from sending mail for a few hours after add-ins with on-send events were updated.
- Resolved an issue in Word where pasting data from Word or Excel to an Outlook template as a link would give an error message. (Word)
- Resolved an issue when assigning a Task in Outlook, characters may not render correctly. (Word)
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2406 (Build 17830.20166) - Monthly Enterprise
Version 2406 (Build 17726.20206)
Version 2405 (Build 17628.20206) - Semi-Annual Enterprise (Preview)
Version 2402 (Build 17328.20550) - Semi-Annual Enterprise
Version 2402 (Build 17328.20550)
Version 2308 (Build 16731.20792)
Version 2302 (Build 16130.21094) - Outlook LTSC 2021
Version 2108 (Build 14332.20763) - Outlook 2019 Volume Licensed
Version 1808 (Build 10413.20020)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.
