The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 10 security updates for Excel (3), Outlook (2), and Office (5). The details about the Outlook vulnerabilities can be found below;
- CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
- The Exploitability Assessment is rated: Exploitation Less Likely.
- CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
- This vulnerability is currently not publicly disclosed but it is being exploited already.
- Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
- The Exploitability Assessment is rated: Exploitation Detected.
In addition, it contains 1 new feature and 3 non-security fixes related to Outlook Monthly Enterprise Version 2305.
- Block emails with sensitive labels
Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels. - We fixed an issue where the application would close unexpectedly when searching using dates.
- We fixed an issue that caused users to see the error, “We cannot render Actionable Messages right now” when reading some email messages.
- We fixed an issue where doing a mail merge would display the error, “Microsoft Word is required to run the Mail Merge Wizard”.
Version 2302 has now also been released to the Semi-Annual Enterprise Channel and contains 1 highlighted new features and 25 fixes which have been made available already to the other release channels. The new feature and some notable fixes are;
- Improved Calendar Search
Improvements have been made to Calendar search, largest of which is the ability to more easily find the next occurrence of a series in search results. - We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
- We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
- We fixed an issue where some settings did not roam between machines when switching to Focused Inbox.
- We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2306 (Build 16529.20182) - Monthly Enterprise
Version 2305 (Build 16501.20242)
Version 2304 (Build 16327.20348) - Semi-Annual Enterprise (Preview)
Version 2302 (Build 16130.20644) - Semi-Annual Enterprise
Version 2302 (Build 16130.20644)
Version 2208 (Build 15601.20706)
Version 2202 (Build 14931.21040) - Outlook LTSC 2021
Version 2108 (Build 14332.20529) - Outlook 2019 Volume Licensed
Version 1808 (Build 10400.20007)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.
