The September security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.
It contains 8 security updates for Excel (1), Outlook (1), Word (2), and Office (4). The details about the Outlook vulnerability can be found below;
- CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
- This vulnerability is currently not publicly disclosed nor exploited.
- Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
- The Preview Pane is not an attack vector.
- The Exploitability Assessment is rated: Exploitation Less Likely.
In addition, it contains 4 non-security fixes related to Outlook Current Channel Version 2308, 8 fixes related to Outlook Monthly Enterprise Version 2307, 4 fixes related to Outlook Semi-Annual Version 2302, and 1 fix related to Outlook Semi-Annual Version 2208. Most notable fixes are;
- Version 2308
- We fixed an issue where an out-of-memory error would appear when sending email after seeing the WaitOnSend dialog pop up.
- We fixed an issue where the External Sender tag was not showing.
- We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
- We fixed an issue that caused Outlook to close unexpectedly in some search scenarios.
- Version 2307
- We fixed an issue that caused the incorrect working hours to be displayed on shared-in calendars.
- We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
- We fixed an issue that caused users to receive errors about having too many Actionable Messages open more frequently than expected.
- We fixed an issue where Outlook would prompt the user to save changes to a meeting when no changes were made.
- Version 2302
- We fixed an issue that caused users to receive a Non-Delivery Report (NDR) when overriding the oversharing policy notification or reporting it as a false positive.
- We fixed an issue that caused Outlook to fail to display PolicyTips in Outlook sessions that were launched with no internet connection.
- We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
- Version 2302 and Version 2208
- We fixed an issue that caused some users of Outlook to see a “Retrieving templates from server” dialog for a very long time when clicking on the “From” field in an email message.
Version 2308 has now also been released to the Semi-Annual Enterprise Channel (Preview) and contains 7 highlighted new features and over 37 fixes related to Outlook, which have been made available already to the Current release channel too. The new features are;
- Get relevant alerts with new Notifications pane
Don’t let important information get buried in your inbox. The new Notifications pane in Outlook delivers notifications that are relevant to you in the context of your regular email. The pane gives you the ability to customize the types of notifications you wish to receive, including email and document @mentions, travel updates, deliveries, and more. - Org Explorer
Visualize and explore your company’s internal structure, work teams, and individual roles. - Assign a sublabel as the default when a parent label is selected
When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually. - Accessibility Ribbon in Outlook for Windows
The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible. - We added a registry key that hides the “Try the new Outlook” toggle
To learn more about the new Outlook for Windows, please click here. For additional information on managing mailbox access to the new Outlook for Windows, please click here.- Key:
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
- Value type:
REG_DWORD
- Value name:
HideNewOutlookToggle
- Possible values;
0
(default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users1
– “Try the new Outlook” toggle is hidden
- Key:
- Inheritance of attachment labels to email messages
For email messages with attachments, apply a label that matches the highest classification of those attachments. - Block emails with sensitive labels
Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.
Based on your release channel, you’ll be updated to the following version;
- Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
Version 2308 (Build 16731.20234) - Monthly Enterprise
Version 2307 (Build 16626.20208)
Version 2306 (Build 16529.20254) - Semi-Annual Enterprise (Preview)
Version 2308 (Build 16731.20234) - Semi-Annual Enterprise
Version 2302 (Build 16130.20766)
Version 2208 (Build 15601.20772) - Outlook LTSC 2021
Version 2108 (Build 14332.20565) - Outlook 2019 Volume Licensed
Version 1808 (Build 10402.20023)
Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.