A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.
It contains 3 security updates for Outlook (1), Excel (1) and Office (1). Details about the Outlook vulnerabilities;
- CVE-2020-0696: Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability, to take advantage of the security feature bypass vulnerability and run arbitrary code.
To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URI with an affected version of Microsoft Outlook software.
The security update addresses the vulnerability by correcting how Microsoft Outlook handles the parsing of URI formats.
In addition, it contains 2 documented non-security fixes for Outlook Monthly, 6 for Semi-Annual 1908 (including Targeted) and 1 for Semi-Annual 1902. Most notable fixes are;
- Monthly: Addresses an issue that caused users to experience a crash when canceling account setup.
- Monthly and Semi-Annual 1908: Addresses an issue that caused users to experience a crash when specifying an invalid From address.
- Semi-Annual 1908: Addresses an issue that caused users to have problems problems with shared calendar folders syncing to the OST, resulting in permission errors when they try to interact with these folders.
- Semi-Annual 1908: Addressed an issue that caused users to experience a hang at the Loading Profile screen when Outlook is starting up.
- Semi-Annual 1902: Addresses an issue that caused users to encounter encryption algorithm is not supported errors when sending an encrypted email.
Based on your release channel, you’ll be updated to the following version;
- Office 365, Outlook 2016 Retail, Outlook 2019 Retail
Version 2001 (Build 12430.20264) - Office 365 Semi Annual (Targeted)
Version 1908 (Build 11929.20606) - Office 365 Semi Annual
Version 1908 (Build 11929.20606)
Version 1902 (Build 11328.20526)
Version 1808 (Build 10730.20438) - Outlook 2019 Volume License
Version 1808 (Build 10356.20006)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.
