Description of the security update for Outlook 2016: October 10, 2017

Applies to: Outlook 2016

Summary


This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-11774 and Microsoft Common Vulnerabilities and Exposures CVE-2017-11776.

Note To apply this security update, you must have the release version of Outlook 2016 installed on the computer.

Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home. (Determining your Office version)

Improvements and fixes


This security update contains the following improvements and fixes:
 
  • Outlook will not connect with MAPI/HTTP if certain HTTP headers are received by the client with unexpected type casing.
  • You occasionally experience an error when you try to access the address book.

  • When you open a recurring meeting with exceptions in Outlook 2016, the meeting details may be lost.

  • An Add-in (web extension) returns an incorrect Exchange Web Services (EWS) URL if the internal and external EWS URLs are different.

  • After you send an email message in Outlook 2016 that has an IMAP account configured, the message appears in the Drafts folder again.

  • When you forward or reply to an HTML email message that has some images in Outlook 2016, one or more attachments or inline images may be lost.

  • When you use Outlook.com to send email messages to users who are outside the service, those messages show the winmail.dat files as attachments for those recipients.

  • The Apps for Office button are no longer visible on the compose form if there are no legacy compose add-ins enabled.

  • When you open a recurring meeting that has exceptions in Online mode in Outlook 2016, the meeting body may be blank.

  • Updates the holiday information in the Outlook holiday file (Outlook.HOL) for Malaysia, Russia, Trinidad, and Tobago. To apply the change, follow these steps:

    • Install this update that contains the updated .HOL file.

    • Go to Calendar, and then select View -> Change View -> List -> Categories.

    • Select and delete the old holiday events that are grouped for the relevant location.

    • Select File -> Options -> Calendar -> Add Holidays, check the relevant holiday group, and then select OK.

  • Improves some translations for the Russian 32-bit version of Outlook 2016.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: October 10, 2017.

Security update replacement information

This security update replaces previously released security update 4011091.

File hash information

Package name Package hash SHA 1 Package hash SHA 2
outlook2016-kb4011162-fullfile-x64-glb.exe E131548EFD60A4F19B7720FEB064A3485E7A8B37 C4EC930F479931281529C373894B9E70C16FF6A0381DFE1CB887F125F4147CE6
outlook2016-kb4011162-fullfile-x86-glb.exe 5D36BADCB16C2969273D537A1399D968D34AEB9C D6F2D9B34D99C5F4EADC1117B8FBF050BDEB5FCCFD59A602E1021E7C2F1BBE46

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

How to get help and support for this security update


Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

Propose a feature or provide feedback on Office: Office User Voice portal