Outlook 2016 (MSI) Security Update for December 2020

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
    The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
    Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
    The Preview Pane is not an attack vector.

This update contains 4 additional fixes or improvements for non-security issues;

  • Fixes an issue in which some users see Outlook start in an Offline state unless they manually select to work online.
  • Fixes an issue in the public API MAPISendMail or MAPISendMailW that occurs if the “lpszSubject” member of a MapiMessage or MapiMessageW structure is blank.
  • Fixes an issue that causes the current time indicator to get out of sync when users view multiple calendars.
  • Fixes an issue in which the “otherTelephone” and “otherHomePhone” attributes for Active Directory users are not mapped to the corresponding Outlook Lightweight Directory Access Protocol (LDAP) attributes.

View: Download information for KB4486748

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5095.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.