A Rollup Update has been released for Outlook 2016 as well as a Security Update for Word 2016 which also affects Outlook.
Word’s Security update resolves the following vulnerability;
- CVE-2020-1229: Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker.
Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user.
The update addresses the vulnerability by changing how remote images are processed in Outlook.
Outlook’s non-security update contains the following documented improvements fixes.
- Improves Japanese translation for the Chinese holiday ‘Winter Solstice’ in the Japanese version of Outlook.
- If you save an attachment in an email message, the folder that the attachment was saved in will not be deleted until you close Outlook.
- Addresses an issue that causes users to see shared folders to disappear from their Favorites list when Outlook starts in an offline state.
- Addresses an issue that causes some users to experience an intermittent crash of Outlook.
Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5017.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.