The June security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 4 security updates for Outlook (1), Word (1), and Shared Office Components (2). The details about the Outlook vulnerability can be found below;
CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- Exploitation of the vulnerability requires the attacker to be authenticated using valid Exchange user credentials.
- An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files.
- The Preview Pane is an attack vector.
- The Exploitability Assessment is rated: Exploitation Less Likely.
In addition, it contains 1 non-security fix related to Outlook Current Channel Version 2405, 10 fixes related to Outlook Monthly Enterprise Version 2404, and 3 fixes related to Outlook Semi-Annual (Preview) Version 2402.
- Version 2405
- We fixed an issue that prevented users from sending mail for a few hours after updating add-ins with on-send events.
- Version 2404
- We fixed an issue where the app closed unexpectedly using the Scheduling Assistant when creating a new meeting or viewing an existing meeting.
- We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
- We fixed an issue where custom forms from MAPI form servers stopped responding.
- We fixed an issue where users were unable to recall a message sent in Outlook.
- We fixed an issue that caused Outlook to exit unexpectedly when clicking on the [Organization] tab in the Hierarchical Address Book while Narrator is running.
- We fixed an issue that caused users to intermittently be unable to move items to their Online Archive.
- We fixed an issue that caused the first PolicyTip to take a long time to appear after starting Outlook.
- We fixed an issue that caused Sovereign users to be unable to create ToDo tasks from Outlook.
- We fixed an issue that caused users to be prompted to save messages that had no changes when the message was opened in a previous Outlook session.
- We fixed an issue that caused add-in developers to hit timeouts when retrieving notifications from an Outlook client context.
- Version 2402
- We fixed an issue that caused developers using the office.js API Office.context.mailbox.item.notificationMessages.getAllAsync in a launch event add-in to see calls stop responding when a notification message exists that doesn’t contain an action with a contextData property.
- We fixed an issue that caused some users to be unable to create ToDo tasks from Outlook.
- We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2405 (Build 17628.20144) - Monthly Enterprise
Version 2404 (Build 17531.20190)
Version 2403 (Build 17425.20258) - Semi-Annual Enterprise (Preview)
Version 2402 (Build 17328.20414) - Semi-Annual Enterprise
Version 2308 (Build 16731.20716)
Version 2302 (Build 16130.21026) - Outlook LTSC 2021
Version 2108 (Build 14332.20721) - Outlook 2019 Volume Licensed
Version 1808 (Build 10411.20011)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.
