A Security Update has been released for Outlook 2010. It resolves the following vulnerability;
- CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
The Preview Pane is not an attack vector.
This is an extra Security Update for Outlook 2010 as it has already reached the end date for Extended Support. It is highly recommended to update to a later version of Outlook or an alternative mail client as soon as possible.
Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7261.5000.