A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.
It contains 5 security updates for Excel (2), Outlook (1), Project (1) and Office (1). The Details about the Outlook vulnerabilities;
- CVE-2020-1229: Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker.Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user.
The update addresses the vulnerability by changing how remote images are processed in Outlook.
In addition, it contains 5 documented new features and 6 fixes Monthly Enterprise 2004, 4 for Semi-Annual (Targeted) 2002 and 1 for Semi-Annual 1908. Most notable fixes are;
- Version 2004 – A smarter To: line
When you click the To: line to address a message, we suggest recipients you’re likely to choose. Plus, you can see their picture, so you know you’re sending to the right person. - Version 2004 – Calendar gets a makeover
See visual updates that make your calendar easier to scan. - Version 2004
Addresses an issue that caused users to experience a crash when displaying toast notifications. - Version 2002
Enables joining a Teams meeting directly through the native Teams client. - Version 2002
Addressed an issue that caused users with an incorrect browser emulation setting were unable to complete the authentication prompt for Gmail. - Version 2002
Addressed an issue that caused Outlook users on server operating systems to see the error, “Antivirus status: Invalid. This version of Windows supports antivirus detection, but no antivirus was found” despite having anti virus properly configured. - Version 1908
Addressed an issue that caused users to see message body truncation when forwarding large HTML messages.
Based on your release channel, you’ll be updated to the following version;
- Office 365, Outlook 2016 Retail, Outlook 2019 Retail
Version 2005 (Build 12827.20336) - Office 365 Monthly Enterprise
Version 2004 (Build 12730.20430)
Version 2003 (Build 12624.20708) - Office 365 Semi Annual (Targeted)
Version 2002 (Build 12527.20720) - Office 365 Semi-Annual
Version 1908 (Build 11929.20838)
Version 1902 (Build 11328.20602) - Outlook 2019 Volume License
Version 1808 (Build 10361.20002)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.
