HowTo-Outlook

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented fixes.

• Fixes an issue that causes smart card authentication users to receive repeated authentication prompts from Outlook when disabling TLS 1.0.
• Fixes an issue that causes the group policy for the “End appointments and meeting early” calendar option to no longer work.

View: Download information for KB5001921

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5161.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

The updates fixes the following Remote Code Execution Vulnerabilities;

• CVE-2021-31195
• CVE-2021-31198
• CVE-2021-31207
• CVE-2021-31209

Only CVE-2021-31207 is currently publicly disclosed but none of the them are exploited. The Exploitability Assessment is rated: Exploitation Less Likely.

View: Exchange Blog: Released: May 2021 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

Download: Security Update for Exchange 2019 CU8 and CU9
Download: Security Update for Exchange 2016 CU19 and CU20
Download: Security Update for Exchange 2013 CU23

Microsoft released the April feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

There are no new features for Outlook this month but there are 6 highlighted fixes.

• We fixed an issue that caused users to experience Outlook closing unexpectedly when searching.
• We fixed an issue that caused users to see signatures disappear unexpectedly.
• We fixed an issue that could cause users to see the message that they are composing losing the UI focus.
• We fixed an issue that caused Outlook to override the Focused Inbox preferences configured in OWA.
• We fixed an issue that caused users of roaming settings to experience no response.
• We fixed an issue that caused name resolution to fail when sending on behalf of another user and resolving against an address book that is not the Global Address List.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2104 (Build 13929.20296).

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 6 security updates for Excel (3), Outlook (1), Word (1) and Office (1).

The details about the Outlook vulnerability;

CVE-2021-28452: Microsoft Outlook Memory Corruption Vulnerability.

• This vulnerability is currently not publicly disclosed nor exploited.
• The Preview Pane is not an attack vector.
• The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 3 documented non-security fixes for Outlook Current Version 2103, 4 new features and 8 fixes for Monthly Enterprise Version 2102, and 3 fixes for Semi-Annual (Preview) Version 2102 and 2 fixes for Semi-Annual Version 2008. Most notable fixes are;

• Version 2103
  We fixed an issue that cause users to erroneously see a “This may take a while” message when adding a calendar.
• Version 2103
  We fixed an issue that caused delegates to appear as the organizer of meetings created on newly added calendars. Meetings in this state did not appear on the principal’s calendar.
• Version 2102
  We fixed an issue that caused Outlook to crash when idle.
• Version 2102
  We fixed an issue that caused users to see more signatures than expected.
• Version 2008
  We fixed an issue that caused users that have Shared or Delegated Mailboxes with large hierarchies in their profile to encounter hangs.

New features in Monthly Enterprise Version 2102 are;

• Focused Inbox settings remain the same across devices
  Your Focused Inbox preferences are now stored in the cloud. Enjoy the same experience when you use Outlook for Windows on any computer and Outlook on the web.
• Your Outlook settings in the cloud
  Choose your Outlook for Windows settings like Automatic Replies, Focused Inbox, and Privacy, and get to them on any PC.
• Pick where to search
  The new search scope drop down allows you to more easily modify your search and switch between Current Folder and Current Mailbox. Thank you to everyone in Coming Soon who provided feedback on the new Search at Top experience. This design and update came out of that feedback!
• Draft messages with your voice
  Use the new dictation toolbar, voice commands, auto-punctuation, and more to compose messages.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
  Version 2103 (Build 13901.20400)
• Monthly Enterprise
  Version 2102 (Build 13801.20506)
  Version 2101 (Build 13628.20664)
• Semi-Annual Enterprise (Preview)
  Version 2102 (Build 13801.20506)
• Semi-Annual Enterprise
  Version 2008 (Build 13127.21506)
  Version 2002 (Build 12527.21814) 
• Outlook 2019 Volume License
  Version 1808 (Build 10373.20050)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2021-28452: Microsoft Outlook Memory Corruption Vulnerability.
  • This vulnerability is currently not publicly disclosed nor exploited.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

This update contains 2 additional fixes or improvements for non-security issues;

• Fixes an issue that causes garbled email headers when Outlook uses the Chinese Simplified (GB2312) character set.
• Fixes an issue that causes inline images to disappear when you reply to a message that has a protection label from Azure Information Protection.

View: Download information for KB4486748

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5149.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2021-28452: Microsoft Outlook Memory Corruption Vulnerability.
  • This vulnerability is currently not publicly disclosed nor exploited.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB4504733

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5337.1000.

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2021-28452: Microsoft Outlook Memory Corruption Vulnerability.
  • This vulnerability is currently not publicly disclosed nor exploited.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

Important!
This is an extra Security Update for Outlook 2010 as it has already reached the end date for Extended Support. It is highly recommended to update to a later version of Outlook or an alternative mail client as soon as possible.

View: Download information for KB4493185

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7268.5000.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

The updates fixes the following Remote Code Execution Vulnerabilities;

• CVE-2021-28480
• CVE-2021-28481
• CVE-2021-28482
• CVE-2021-28483

None of the vulnerabilities are currently publicly disclosed nor exploited. The Exploitability Assessment is rated: Exploitation More Likely.

View: Exchange Blog: Released: April 2021 Exchange Server Security Updates
View: Microsoft Security Response Center (MSRC) Blog: April 2021 Update Tuesday packages now available
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

Download: Security Update for Exchange 2019 CU8 and CU9
Download: Security Update for Exchange 2016 CU19 and CU20
Download: Security Update for Exchange 2013 CU23

Microsoft released the March feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 6 new features for Outlook and 5 highlighted fixes. The new features and fixes are listed below;

• Save time while composing messages
  Outlook shows you writing suggestions that help you compose messages quickly. To accept the suggestion, just use the Tab key.
• New conference room and workspace booking experience
  The conference room booking experience has been refreshed, and with it we’ve added capabilities to allow you to schedule individual workspaces as well
• Pick where to search
  The new search scope drop down allows you to more easily modify your search and switch between Current Folder and Current Mailbox. Thank you to everyone in Coming Soon who provided feedback on the new Search at Top experience. This design and update came out of that feedback!
• Get meeting suggestions when you search for a person
  When you type a person’s name in the Search box, the most relevant email containing calendar invites will be included with your search suggestions.
• Share to Teams
  Share messages from Outlook with a person or channel in Teams.
• Draft messages with your voice
  Use the new dictation toolbar, voice commands, auto-punctuation, and more to compose messages.
• We fixed an issue that caused some users to experience Outlook to close unexpectedly when syncing folder hierarchy changes.
• We fixed an issue that caused some users to see their primary and secondary calendar switching places in the Navigation Pane.
• We fixed an issue that caused users to see more signatures than expected.
• We fixed an issue that caused some people to be unable to access signatures associated with secondary mail accounts.
• We fixed an issue that caused users of the Cloud Settings feature to see customized settings overridden by default setting after configuring Outlook on a new device.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2103 (Build 13901.20312).

Cumulative Update 9 for Exchange 2019 is now available as well as Cumulative Update 20 for Exchange 2016.

They both contain the same 12 documented new fixes or improvements, as well as all previously released fixes and security updates for their respective Exchange version and the latest DST updates. The CU for Exchange 2019 contains 3 additional fixes which did not apply to Exchange 2016.

Notable improvements, changes and fixes are;

• Includes the security updates to mitigate the zero-day vulnerabilities (HAFNIUM) which were released earlier this month.
• KB5001184 EAC has no option to select the correct tenant for an Office 365 mailbox.
• KB5001188 Incorrect MRM properties stamped on mail item delivery when sending to multiple mailboxes on the same database.
• KB5001192 Microsoft Teams fails to show calendar due to Autodiscover v2 isn’t site aware.
• KB5001195 UPN specified when creating mailbox is overwritten automatically causing login failures.
• KB4583558 PDF preview function in OWA leads to download action unexpectedly.
• KB5001181 Certain search scenario can’t return expected result in Outlook online mode in Exchange Server 2019.
• 5000631 Event IDs 1003, 1309 and 4999 are logged after installing Exchange Server 2019 CU8.

This release includes no new updates to the Active Directory Schema for Exchange 2019 and Exchange 2016.
The next planned quarterly update is in June 2021. That will be the last planned CU for Exchange 2016.

Exchange 2019: CU9 KB4602570 – VLSC Download
Exchange 2016: CU20 KB4602569 – Download – UM Language Pack
View: Blog post of the Exchange Team about CU9 for Exchange Server 2019 and CU 20 for Exchange 2016.