A Security Update has been released for Outlook 2016. In addition to resolving the vulnerabilities, it also contains 11 documented improvements and fixes.
Most notable fixes and improvements are:
- Resolves the vulnerabilities mentioned in CVE-2017-11774, which could lead to the execution of arbitrary commands, and CVE-2017-11776 which could lead to information disclosure.
- You occasionally experience an error when you try to access the address book.
- After you send an email message in Outlook 2016 that has an IMAP account configured, the message appears in the Drafts folder again.
- When you use Outlook.com to send email messages to users who are outside the service, those messages show the winmail.dat files as attachments for those recipients.
Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4600.1000 (msi-based installation) or 16.0.8431.2107 (Office 365 based installation) or 16.0.8201.2200 (Office 365 Deferred Channel installation).