Outlook 2016 (MSI) Security Update for March 2023

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
    • This vulnerability is currently not publicly disclosed but it is exploited.
    • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
    • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

View: Download information for KB5002254

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5387.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.