Outlook 2016 (MSI) Security Update for October 2020

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability
    A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
    Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.

This update contains 4 additional fixes or improvements for non-security issues;

  • Fixes an issue that causes Outlook to intermittently crash when users interact with calendar items.
  • Fixes an issue to correctly block users from being able to forward multiple selected messages that have the “Do Not Forward” policy applied.
  • Fixes an issue in which the “LegacyExchangeDN” value for an email sender is preserved and displayed in the “From” field after a draft of the email is moved from a mailbox that has assistant permissions to the manager’s mailbox.
  • Fixes an issue that causes the computers of some users to fail when they connect through MAPI/HTTP.

View: Download information for KB4486671

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5071.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.