A Security Update has been released for Outlook 2016. In addition to resolving the vulnerability, it also contains 16 documented improvements and fixes.
Most notable fixes are:
- Resolves the vulnerabilities mentioned in CVE-2017-0106 and CVE-2017-0204 which could allow remote code execution if a user opens a specially crafted Office file or email message.
- When you Reply All for an email message to an Outlook.com account, your email address is added to the To field.
- After you rename a folder in an IMAP account in Outlook 2016, the subscription may be broken. This folder might not be synchronized with the IMAP mailbox any longer, and synchronization errors similar to the following can be seen in the “Sync issues” folder:
Error when synchronizing this folder.
- When you forward and an email message that contains attachments in Outlook 2016 and you add attachments, the attachments in the email message are swapped and become corrupted.
Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4522.1001 (msi-based installation) or 16.0.7870.2038 (Office 365 based installation) or 16.0.7369.2127 (Office 365 Deferred Channel installation).