HowTo-Outlook

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 5 security updates for Excel (2), Word (2) and Office (1).

In addition, it contains 1 documented non-security fix for Outlook Current Version 2012, 6 fixes for Monthly Enterprise Version 2011, 3 fixes for Semi-Annual (Preview) Version 2008. Most notable fixes are;

• Version 2012
  We fixed an issue that caused an edited signature to fail to save after prompting the user to do so.
• Version 2011
  We fixed an issue that caused some users to see no signatures in the signatures drop down despite having one or more signatures configured.
• Version 2011
  We fixed an issue that caused inline images to disappear when replying to a message with a protection label from Azure Information Protection.
• Version 2011
  We fixed an issue that caused the original attendees of some meetings to receive a cancellation when another attendee forwards the meeting.
• Version 2008
  We fixed an issue to provide a user a way to customize justification text when overriding a policy.

Version 2008 has now also been released to the Semi-Annual Enterprise Channel and contains 8 highlighted new features and 62 fixes which have been made available already to the other release channels. Some notable new features are;

• Calendar gets a makeover
  See visual updates that make your calendar easier to scan.
• Drag email to a group you own
  Move and copy messages and conversations by dragging them from your inbox. Messages you drag will be shared with all group members.
• Better results—in a jiffy (Search field in Title Bar)
  We’ve updated the Search experience to make it smarter, faster, and more reliable than ever.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
  Version 2012 (Build 13530.20376)
• Monthly Enterprise
  Version 2011 (Build 13426.20526)
  Version 2010 (Build 13328.20550)
• Semi-Annual Enterprise (Preview)
  Version 2008 (Build 13127.21064)
• Semi-Annual Enterprise
  Version 2008 (Build 13127.21064)
  Version 2002 (Build 12527.21504)
  Version 1908 (Build 11929.20994) 
• Outlook 2019 Volume License
  Version 1808 (Build 10370.20052)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented fixes and improvements.

• Fixes an issue that blocks users from providing justification text when they override a policy.
• Fixes an issue that causes users to experience occasional crashes while they use Outlook.
• Fixes an issue that causes the headers of Chinese email messages to be unreadable when you reply to or forward messages.
• Adds a regkey that enables customers to disable file time inclusion for attachments in IDataObject operations (i.e. drag drop, clipboard).
  • HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Attachments
  • REG_DWORD: IncludeFileTimesInDataObject
  • 0 = file times are excluded.
  • 1 = (default) file times are included.

View: Download information for KB4493166

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5110.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Microsoft released the December feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel). This is a bit later than normal but that was of course because of the holidays; Happy New Year to all of you! 

It comes with 1 new feature for Outlook and 1 highlighted fix.

• Your Outlook settings in the cloud
  Choose your Outlook for Windows settings like Automatic Replies, Focused Inbox, and Privacy, and get to them on any PC.
  File-> Options-> General-> Store my Outlook settings in the cloud
• We fixed an issue that caused some customers to encounter a hang while loading their calendars.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2012 (Build 13530.20316).

Cumulative Update 8 for Exchange 2019 is now available as well as Cumulative Update 19 for Exchange 2016.

They both contain the same 12 documented new fixes or improvements, as well as all previously released fixes and security updates for their respective Exchange version and the latest DST updates. The CU for Exchange 2019 contain 2 additional fixes which did not apply to Exchange 2016.

Notable improvements, changes and fixes are;

• KB4588297: Attachments can’t be downloaded or previewed from Outlook Web App.
• KB4583531: Design change about inline images will be forced to download but not open in a new tab of OWA.
• KB4583532: ELC MRM archiving fails due to DomainName in AuthServer.
• KB4583535: New-Moverequest, Resume-Moverequest, and Remove-Moverequest not logged in Audit logs.
• KB4583542: Server assisted search in Outlook doesn’t return more than 175 items in Exchange Server 2019.
• KB4583544: Lots of LDAP requests for FE MAPI w3wp lead to DDoS on DCs in Exchange Server 2019.
• KB4593465: Description of the security update for Microsoft Exchange Server 2019 and 2016: December 8, 2020

This release includes new updates to the Active Directory Schema for both Exchange 2019 and Exchange 2016.
The next planned quarterly update is in March 2021.

Exchange 2019: CU8 KB4588885 – VLSC Download
Exchange 2016: CU19 KB4588884 – Download – UM Language Pack
View: Blog post of the Exchange Team about CU8 for Exchange Server 2019 and CU 19 for Exchange 2016.

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 8 security updates for Excel (6), Outlook (1) and PowerPoint (1).

The details about the Outlook vulnerability;

• CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
  The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
  Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
  The Preview Pane is not an attack vector.

In addition, it contains no documented non-security fixes for Outlook Current Version 2011 (but there were 2 fixes last week), 2 features and 9 fixes for Monthly Enterprise Version 2010, 8 fixes for Semi-Annual (Preview) Version 2008 and 1 fix for Semi-Annual Enterprise Version 2002. Most notable fixes are;

• Version 2011 and Version 2010
  We fixed an issue that caused the original attendees of some meetings to receive a cancellation when another attendee forwards the meeting.
• Version 2011 and Version 2010
  We fixed an issue that caused some users to see no signatures in the signatures drop down despite having one or more signatures configured.
• Version 2010 – User Experience Updates for Tasks
  A visual refresh of task items.
• Version 2010 – Switch Office themes automatically
  Office can automatically switch themes to match your Windows 10 theme settings.
  File > Office Account and choose “Use system setting” under the Office Theme drop-down.
• Version 2008
  We fixed an issue that caused inline images to disappear when replying to a message with a protection label from Azure Information Protection.
• Version 2008
  We fixed an issue that caused the user name to be displayed as a phone number when sending an Azure Protected Voicemail, causing Outlook Desktop users to be unable to open voicemails from external users.
• Version 2008 and Version 2002
  We fixed an issue where setting up OME Configuration was adding an extraneous attachments on the mail item which was forcing Outlook to Encrypt the message even though the DecryptAttachmentsForEncryptOnly option was setup on the service side.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
  Version 2011 (Build 13426.20332)
• Monthly Enterprise
  Version 2010 (Build 13328.20478)
  Version 2009 (Build 13231.20620)
• Semi-Annual Enterprise (Preview)
  Version 2008 (Build 13127.20910)
• Semi-Annual Enterprise
  Version 2002 (Build 12527.21416)
  Version 1908 (Build 11929.20984) 
• Outlook 2019 Volume License
  Version 1808 (Build 10369.20032)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
  The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
  Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
  The Preview Pane is not an attack vector.

This update contains 4 additional fixes or improvements for non-security issues;

• Fixes an issue in which some users see Outlook start in an Offline state unless they manually select to work online.
• Fixes an issue in the public API MAPISendMail or MAPISendMailW that occurs if the “lpszSubject” member of a MapiMessage or MapiMessageW structure is blank.
• Fixes an issue that causes the current time indicator to get out of sync when users view multiple calendars.
• Fixes an issue in which the “otherTelephone” and “otherHomePhone” attributes for Active Directory users are not mapped to the corresponding Outlook Lightweight Directory Access Protocol (LDAP) attributes.

View: Download information for KB4486748

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5095.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
  The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
  Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
  The Preview Pane is not an attack vector.

View: Download information for KB4486732

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5285.1000.

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2020-17119: Microsoft Outlook Information Disclosure Vulnerability
  The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
  Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited.
  The Preview Pane is not an attack vector.

Important!
This is an extra Security Update for Outlook 2010 as it has already reached the end date for Extended Support. It is highly recommended to update to a later version of Outlook or an alternative mail client as soon as possible.

View: Download information for KB4484363

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7261.5000.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

• CVE-2020-17117: Microsoft Exchange Remote Code Execution Vulnerability
• CVE-2020-17132: Microsoft Exchange Remote Code Execution Vulnerability
• CVE-2020-17141: Microsoft Exchange Remote Code Execution Vulnerability (does not apply to Exchange 2013)
• CVE-2020-17142: Microsoft Exchange Remote Code Execution Vulnerability
• CVE-2020-17143: Microsoft Exchange Information Disclosure Vulnerability
• CVE-2020-17144: Microsoft Exchange Remote Code Execution Vulnerability (only applies to Exchange 2010)

None of the vulnerabilities are currently publicly disclosed nor exploited. The Exploitability Assessment is rated: Exploitation Less Likely.

View: Description of the security update for Microsoft Exchange Server 2019 and 2016: December 8, 2020
View: Description of the security update for Microsoft Exchange Server 2013: December 8, 2020
View: Description of the security update for Microsoft Exchange Server 2010 Service Pack 3: December 8, 2020
Download: Security Update For Exchange Server 2019 CU7 (KB4593465)
Download: Security Update For Exchange Server 2019 CU6 (KB4593465)
Download: Security Update For Exchange Server 2016 CU18 (KB4593465)
Download: Security Update For Exchange Server 2016 CU17 (KB4593465)
Download: Security Update For Exchange Server 2013 CU23 (KB4593466)
Download: Update Rollup 3 For Exchange 2010 SP3 (KB4593467)

Microsoft released the November feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel). This is a bit earlier than normal but that is because Thanksgiving is this week.

It comes with 3 new features for Outlook and 4 highlighted fixes. The new features and fixes are listed below;

• SVG Clipboard Support
  You can now paste SVG content from Office into 3rd party apps.
• Switch Office themes automatically
  Office can automatically switch themes to match your Windows 10 theme settings.
  File > Office Account and choose “Use system setting” under the Office Theme drop-down.
• User Experience Updates for Tasks
  A visual refresh of task items.
• We fixed an issue that caused the To field to be blank when sending a status report on a task.
• We fixed an issue that caused the MailItem.BeforeAttachmentAdd event to be broken.
• We added a regkey that allows customers to disable filetime inclusion for attachments in IDataObject operations (i.e. drag drop, clipboard).
  • HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Attachments
  • REG_DWORD: IncludeFileTimesInDataObject
  • 0 = filetimes are excluded.
  • 1 = (default) filetimes are included.
• We fixed an issue that caused inline images to disappear when replying to a message with a protection label from Azure Information Protection.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2011 (Build 13426.20274).