Updates have been released for Outlook 2013 and Outlook 2016 to close two critical security vulnerabilities. With both vulnerabilities, it is possible to execute malicious code on the computer. With one of the vulnerabilities, it is sufficient to receive an email with a malicious attachment. The attachment does not even need to be opened.
The corresponding CVEs can be found here:
- CVE-2018-0852 | Microsoft Outlook Memory Corruption Vulnerability
- CVE-2018-0850 | Microsoft Outlook Elevation of Privilege Vulnerability
As it is to be expected that such loopholes will be exploited quickly, the updates should be installed as soon as possible.
The current Outlook 2016 Click-to-Run version is 1801 (Build 9001.2171, Monthly Channel) or 1708 (Build 8431.2215 Semi-Annual). The updates for the "normal" Outlook versions can be downloaded via the update catalog or installed via Windows Update.
