HowTo-Outlook

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 6 security updates for Excel (3), Word (1) and Office (2).

In addition, it contains 1 documented non-security fix for Outlook Current Version 2010, 7 fixes for Monthly Enterprise Version 2009, 8 fixes for Monthly Enterprise Version 2008, 8 fixes for Semi-Annual (Preview) Version 2008 and 2 fixes for Semi-Annual Enterprise Version 2002. Most notable fixes are;

• Version 2008, Version 2009 and Version 2010
  We fixed an issue that caused users to be unable to grant Editor permission to their delegates.
• Version 2009
  Addressed an issue that caused some users to observe Outlook unexpectedly starting in an offline state.
• Version 2008 and Version 2009
  We fixed an issue that caused users to experience the application to terminate unexpectedly when selecting a search result.
• Version 2008
  We fixed an issue where users can now disable IRM (Information Rights Management) for Outlook without having to disable it for the rest of the Office applications.
• Version 2002 and 2008
  We fixed an issue where optional connected experiences blocked web add-ins from loading.
• Version 2002
  We fixed an issue that caused users to be unable to send as or on behalf of a Distribution List that was hidden from the Global Address List.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
  Version 2010 (Build 13328.20356)
• Monthly Enterprise
  Version 2009 (Build 13231.20514)
  Version 2008 (Build 13127.20760)
• Semi-Annual Enterprise (Preview)
  Version 2008 (Build 13127.20760)
• Semi-Annual Enterprise
  Version 2002 (Build 12527.21330)
  Version 1908 (Build 11929.20974) 
• Outlook 2019 Volume License
  Version 1808 (Build 10368.20035)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented improvement.

• This update changes the default signature hash algorithm for Secure/Multipurpose Internet Mail Extensions (S/MIME) messages and enables the administrator to manage them by using the following registry keys; UseAlternateDefaultHashAlg, DefaultHashOID and DefaultHashParam.

View: Download information for KB4486720

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5071.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

• CVE-2020-17083: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2020-17084: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2020-17085: Microsoft Exchange Server Denial of Service Vulnerability

None of the vulnerabilities are currently publicly disclosed nor exploited. The Exploitability Assessment is rated: Exploitation Less Likely.

View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 10, 2020
Download: Security Update For Exchange Server 2019 CU7 (KB4588741)
Download: Security Update For Exchange Server 2019 CU6 (KB4588741)
Download: Security Update For Exchange Server 2016 CU18 (KB4588741)
Download: Security Update For Exchange Server 2016 CU17 (KB4588741)
Download: Security Update For Exchange Server 2013 CU23 (KB4588741)

Microsoft released the October feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 2 new features for Outlook and 5 highlighted fixes. It also includes the 3 fixes included in last week’s bug fix for Version 2009. The new features and fixes are listed below;

• Insert your iPhone photos directly into Office
  HEIC pictures from your phone now insert seamlessly into Office. No conversion required.
• Grammar checking’s got your back
  Outlook marks grammar errors as you type, so you can apply suggestions with a single click. There is an off switch for this as well.
• We fixed an issue that caused the headers of Chinese messages to be unreadable when replying or forwarding.
• We fixed an issue that caused Chinese characters to get changed to question marks when saving as an OFT file.
• We fixed an issue that caused Outlook to create a second empty signature for people who had cloud settings enabled.
• We fixed an issue that caused Cloud Settings not to be turned on for users by default.
• We fixed an issue that caused changes to a user’s signature to fail to save.
• We fixed an issue that caused users to be unable to grant Editor permission to their delegates.
• We fixed an issue that caused users to experience the application to terminate unexpectedly when selecting a search result.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2010 (Build 13328.20292).

As part of the Office Insider Spotlight series, I got interviewed by the people of the Office Insiders blog.

The Office Insiders blog is the official blog from Microsoft highlighting upcoming changes in the Office applications as part of a Microsoft 365 subscription.

As an active Office Insider, they thought it would be nice to catch up with me and asked me the following questions;

• Tell us about why you love the Office Insider program.
• What is something you’ve created because of the Office Insider program?
• Tell us about your journey in tech.
• What aspects of technology inspire you the most?
• What is one word that best describes how you work?
• Which superhero character do connect with in real life?
• What movies or books or other forms of art inspire you the most?

Many thanks to Armelle O’Neal and Jerriann Sullivan of the Office Insiders blog for this opportunity and promoting the MVPs and Office Insiders.

View: Office Insider Spotlight: Robert Sparnaaij

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 13 security updates for Access (1), Excel (3), Outlook (2), Word (1) and Office (6).

The Details about the Outlook vulnerabilities;

• CVE-2020-16947: Microsoft Outlook Remote Code Execution Vulnerability
  A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  Note that the Preview Pane is an attack vector for this vulnerability.
  The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
• CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability
  A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
  Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
  The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.

In addition, it contains no documented non-security fixes for Outlook Current Version 2009 (but there were 3 fixes last week), 2 features and 15 fixes for Monthly Enterprise 2008 and 4 fixes for Semi-Annual (Preview) Version 2008. Most notable are;

• Version 2008 – Create polls in Outlook with Quick Poll
  Easily create a poll, collect votes, and view results within an email. 
• Version 2008 – New profile card for Outlook
  New profile card for Outlook including a better Organization view and matches the card style of Outlook Web.
• Version 2009
  Addresses an issue that caused some users to observe Outlook unexpectedly starting in an offline state.
• Version 2008
  Addresses an issue that caused users to be unable to close shared calendars by clicking on the “X” in the corner.
• Version 2008
  Fixes an issue that caused users to see anomalies when using the compact view.
• Version 2008
  Addressed an issue that caused meetings to fail to be removed from a manager’s calendar when declined by a delegate in some circumstances.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
  Version 2009 (Build 13231.20390)
• Monthly Enterprise
  Version 2008 (Build 13127.20638)
  Version 2007 (Build 13029.20708)
• Semi-Annual Enterprise (Preview)
  Version 2008 (Build 13127.20638)
• Semi-Annual Enterprise
  Version 2002 (Build 12527.21236)
  Version 1908 (Build 11929.20966) 
• Outlook 2019 Volume License
  Version 1808 (Build 10367.20048)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability
  A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
  Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
  The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.

This update contains 4 additional fixes or improvements for non-security issues;

• Fixes an issue that causes Outlook to intermittently crash when users interact with calendar items.
• Fixes an issue to correctly block users from being able to forward multiple selected messages that have the “Do Not Forward” policy applied.
• Fixes an issue in which the “LegacyExchangeDN” value for an email sender is preserved and displayed in the “From” field after a draft of the email is moved from a mailbox that has assistant permissions to the manager’s mailbox.
• Fixes an issue that causes the computers of some users to fail when they connect through MAPI/HTTP.

View: Download information for KB4486671

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5071.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability
  A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
  Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
  The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.

View: Download information for KB4484524

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5285.1000.