HowTo-Outlook

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability
  A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
  Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.
  The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.

Important!
This is the last scheduled Security Update for Outlook 2010 as it has now reached the end date for Extended Support. It is highly recommended to update to a later version of Outlook or an alternative mail client as soon as possible.

View: Download information for KB4486663

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7261.5000.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

• CVE-2020-16969: Microsoft Exchange Information Disclosure Vulnerability
  An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.
  To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.
  The security update corrects the way that Exchange handles these token validations.

View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: October 13, 2020
Download: Security Update For Exchange Server 2019 CU7 (KB4581424)
Download: Security Update For Exchange Server 2019 CU6 (KB4581424)
Download: Security Update For Exchange Server 2016 CU18 (KB4581424)
Download: Security Update For Exchange Server 2016 CU17 (KB4581424)
Download: Security Update For Exchange Server 2013 CU23 (KB4581424)

Right before the end of September Microsoft released the September feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 2 new features for Outlook and 1 highlighted fix. It also includes the 2 fixes included in last week’s bug fix for Version 2008. The new features and fixes are listed below;

• Auto-Expanding Online Archive Search
  Enabling auto-expanding Online Archive Search
• New profile card for Outlook
  New profile card for Outlook including a better Organization view and matches the card style of Outlook Web.
• Addresses an issue that caused some automatically generated emails to be sent with a blank body when the subject line is blank.
• Addresses an issue that caused users to be unable to close shared calendars by clicking on the “X” in the corner.
• Addresses a performance issue with attachment upload.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2009 (Build 13231.20262).

Cumulative Update 7 for Exchange 2019 is now available as well as Cumulative Update 18 for Exchange 2016

They both contain the same 14 documented new fixes or improvements, as well as all previously released fixes and security updates for their respective Exchange version and the latest DST updates. The CU for Exchange 2019 also includes an updated Sizing Calculator.

Notable improvements, changes and fixes are;

• KB4570251: Inbox rule applying a personal tag doesn’t stamp RetentionDate.
• KB4576650: Can’t add remote mailbox when setting email forwarding in Hybrid environment.
• KB4570247: CSV log of Discovery export fails to properly escape target path field.
• KB4570254: MSExchangeMapiMailboxAppPool causes prolonged 100% CPU.
• KB4563416: Can’t view Online user free/busy status.
• KB4576651: Can’t join Teams meetings from Surface Hub devices.
• KB4577352: Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in December 2020.

Exchange 2019: CU7 KB4571787 – VLSC Download
Exchange 2016: CU18 KB4571788 – Download – UM Language Pack
View: Blog post of the Exchange Team about CU7 for Exchange Server 2019 and CU 18 for Exchange 2016.

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 9 security updates for Excel (4), Outlook (2), Word (3) and Office (2).

In addition, it contains no documented non-security fixes for Outlook Current Version 2008, 2 features and 10 fixes for Monthly Enterprise 2007, 8 features and 42 fixes for a completely new Semi-Annual (Preview) Version 2008, 1 fix for Semi-Annual 2002. Most notable are;

• Version 2007 –  Incident Notification for IT Admins
  Microsoft 365 tenant global administrators and Office Apps Administrators will be notified about Outlook and O365 Exchange incidents affecting their users with a new right-side panel notification in Outlook for Windows.

• Version 2007 – Quickly reopen items from previous session
  We added an option to quickly reopen items from a previous Outlook session. Whether Outlook crashes or you close it, you’ll now be able to quickly relaunch items when you reopen the app. This feature is on by default. To turn it off, go to Options > General > Start up Options.

  

• Version 2007
  Addressed an issue that caused outlook users to see issues with navigation in compact views.
• Version 2007
  Addressed an issue that caused the Scheduling Assistant page to fail to display.
• Version 2007
  Addressed an issue that caused Outlook to fail to retrieve search suggestions.
• Version 2002
  Fixes an issue that caused users to be unable to connect to Public Folders after adding a shared mailbox.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
  Version 2008 (Build 13127.20408)
• Monthly Enterprise
  Version 2007 (Build 13029.20534)
  Version 2006 (Build 13001.20648)
• Semi-Annual Enterprise (Preview)
  Version 2008 (Build 13127.20408)
• Semi-Annual Enterprise
  Version 2002 (Build 12527.21104)
  Version 1908 (Build 11929.20946) 
• Outlook 2019 Volume License
  Version 1808 (Build 10366.20016)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented improvements and fixes.

• Fixes an issue that causes the SharePoint site option not to appear under Attach File > Browse Web Locations.
  Note To fix this issue, you must install KB4484395 together with this update.
• Fixes an issue for Calendar Overlay users that causes Outlook to default to the last-added calendar instead of the primary calendar when they switch to the calendar module.
• Fixes an issue that causes users to be unable to turn off the Outlook Today functionality.
• Changes the default fallback encryption from 3DES to AES256. The default fallback encryption is chosen if the recipients’ certification doesn’t have Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities published to the certificate.

View: Download information for KB4484511

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5056.1000. This update does not apply to Perpetual and Microsoft 365 based installations of Office 2016.

Security updates have been released for Exchange 2016 and Exchange 2019.

• CVE-2020-16875: Microsoft Exchange Memory Corruption Vulnerability
  A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
  Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
  The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

View: Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020
Download: Security Update For Exchange Server 2019 CU6 (KB4577352)
Download: Security Update For Exchange Server 2019 CU5 (KB4577352)
Download: Security Update For Exchange Server 2016 CU17 (KB4577352)
Download: Security Update For Exchange Server 2016 CU16 (KB4577352)

On the final day of August, Microsoft released the August feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 2 new features for Outlook and 13 highlighted fixes (of which 2 were also included in last week’s bug fix release for Version 2007). The new features and notable fixes are listed below;

• Improved links in email
  When you include a link to a file, the file name replaces the URL. You can change permissions so all recipients have access.
• Natural Language Support in Search
  With the implementation of Natural Language Support in Search, users can easily filter their search results without remembering specific search syntax.
• Fixes an issue that caused users who attempted to create a meeting request from a secondary account added to their profile to not see a blank From: field instead of their email address.
• Addressed an issue that caused meetings to fail to be removed from a manager’s calendar when declined by a delegate in some circumstances.
• Fixes an issue that caused users to experience occasional crashes when interacting with Cloud attachments.
• Addressed an issue that caused users of some character sets to see file names display incorrectly when adding a Smart Link to a SharePoint file.
• Addressed an issue that caused some users to see the Scheduling Assistant page fail to display.
• Fixes an issue that caused users to see anomalies when using the compact view.
• Addressed an issue that caused the right-click context menu to fail to appear in the search controls.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2008 (Build 13127.20296).