A security update has been released for Outlook 2016. It resolves the following vulnerability:
- CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.
This update contains 4 additional fixes or improvements for non-security issues:
- Fixes an issue that causes Outlook to intermittently crash when users interact with calendar items.
- Fixes an issue to correctly block users from being able to forward multiple selected messages that have the “Do Not Forward” policy applied.
- Fixes an issue in which the “LegacyExchangeDN” value for an email sender is preserved and displayed in the “From” field after a draft of the email is moved from a mailbox that has assistant permissions to the manager’s mailbox.
- Fixes an issue that causes the computers of some users to fail when they connect through MAPI/HTTP.
Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5071.1000. This update does not apply to Perpetual and Office 365-based installations of Office 2016.