Security Updates for Outlook (July 2019)
Medium Nessus Plugin ID 126585
SynopsisThe Microsoft Outlook application installed on the remote host is affected by a vulnerability.
DescriptionThe Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by a vulnerability:
- An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. (CVE-2019-1084)
SolutionMicrosoft has released the following security updates to address this issue:
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.