Outlook 2016 (MSI) Security Update for December 2018

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2018-8587
    Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

This update also contains additional fixes for 2 non-security issues;

  • When you attach a file that contains the “&” character in its name to an email message, the “&” character isn’t displayed in the attachment name.
  • After you set the DisableCrossAccountCopy policy, you can’t move a folder to another location in the same email account.

View: Download information for KB4461544

Update: An additional update (KB4011722) has been released this month which solves an issue with mail delivery rules stopping to work and opening the Mange Rules & Alerts dialog returns the following error;

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4783.1000 and the updated release to version 16.0.4783.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.