PT-2020-4322 · Microsoft · Outlook

0Neb1N · Published 2020-10-13 · Updated 2023-12-31 · CVE-2020-16947

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook versions prior to the fixed version
Description: A remote code execution vulnerability exists in Microsoft Outlook due to improper handling of objects in memory. It could allow an attacker to run arbitrary code in the context of the targeted user. If the targeted user has administrative rights, the attacker could take control of the affected system: install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation requires the user to open a specially crafted file with an affected version of Microsoft Outlook. This can occur through email or web-based attacks in which an attacker convinces the user to open the specially crafted file.
Recommendations: For Microsoft Outlook versions prior to the fixed version, apply the security update that corrects how Outlook handles objects in memory. As a temporary workaround until the security update is applied, consider avoiding the use of the Preview Pane, especially where the severity is indicated as Critical. Restrict access to specially crafted files and advise users not to open suspicious files from untrusted sources.

Tags: Exploit · Fix · RCE · DoS · Memory Corruption · Out of bounds Read · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-04819
CVE-2020-16947
ZDI-20-1249
ZDI-20-1250

Affected Products

Outlook