HowTo-Outlook

The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 3 security updates for Access, (1), Outlook (1), and Shared Office Components (1). The details about the Outlook vulnerability can be found below;

• CVE-2024-38020: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user opens a specifically crafted file.
  • An attacker who successfully exploited this vulnerability could allow the disclosure of NTLM hashes. 
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 2 non-security fixes related to Outlook Current Channel Version 2406, and 10 fixes related to Outlook Monthly Enterprise Version 2405.

• Version 2506
  • We resolved an issue where characters don’t appear correctly in Text Box Gallery.
  • Resolved an issue when assigning a Task in Outlook, characters may not render correctly. (Word)
• Version 2505
  • We fixed an issue that caused Outlook users with E3 licenses to be unable to open protected meeting invitations without going to the web.
  • We fixed an issue that caused users to see no prompt to send updates to attendees after removing attendees from a meeting on a shared calendar where the location of the meeting was set.
  • We fixed an issue that caused users to see incorrect label information when they had 2 or more email windows open while a message with a label was displayed in the preview pane.
  • We fixed an issue that caused the “Edit Meeting” button to disappear when a series exception is the first item opened in the Outlook session.
  • We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
  • We fixed an issue that caused users to be unable to view the “Permission granted by” information on Digitally Rights Managed messages.
  • We fixed an issue that caused users to be unable to open some search results when searching their Online Archive.
  • We added support for converting some COM add-ins to Web add-ins.
  • We fixed an issue that prevented users from sending mail for a few hours after updating add-ins with on-send events.
  • Resolved an issue in Outlook where background images wouldn’t render correctly, requiring the user to scroll or click into the message for the image to appear. (Word)

Version 2402 has now also been released to the Semi-Annual Enterprise Channel but currently without any Release Notes. However, going by the Release Notes of the Preview releases, there are no new features for Outlook this time.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2406 (Build 17726.20160)
• Monthly Enterprise
  Version 2405 (Build 17628.20188)
  Version 2404 (Build 17531.20210)
• Semi-Annual Enterprise (Preview)
  Version 2402 (Build 17328.20452)
• Semi-Annual Enterprise
  Version 2402 (Build 17328.20452)
  Version 2308 (Build 16731.20738)
  Version 2302 (Build 16130.21042) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20736)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10412.20006)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2024-38020: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user opens a specifically crafted file.
  • An attacker who successfully exploited this vulnerability could allow the disclosure of NTLM hashes. 
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002621

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5456.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Microsoft has released the June 2024 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

Just like last month, there is no new feature for any of the Office applications. Also, it looks like 2 Outlook fixes from the previous month got revised, most likely to account for additional scenarios in which the error could occur. 

In total, there are 4 fixes for Outlook and 1 fix in Word that also relates to Outlook.

• We fixed an issue that prevented users from sending mail for a few hours after add-ins with on-send events were updated.
• We fixed an issue that caused Outlook to exit unexpectedly shortly after launch for some users.
• We fixed an issue that caused users to see Outlook exit unexpectedly when declining a meeting and sending a response.
• We fixed an issue that caused Outlook to close unexpectedly when using Copilot Summarize.
• Resolved an issue in Word where pasting data from Word or Excel to an Outlook template as a link would give an error message. (Word)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2406 (Build 17726.20126).

The June security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 4 security updates for Outlook (1), Word (1), and Shared Office Components (2). The details about the Outlook vulnerability can be found below;

CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability

• This vulnerability is currently not publicly disclosed nor exploited.
• Exploitation of the vulnerability requires the attacker to be authenticated using valid Exchange user credentials.
• An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files. 
• The Preview Pane is an attack vector.
• The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 1 non-security fix related to Outlook Current Channel Version 2405, 10 fixes related to  Outlook Monthly Enterprise Version 2404, and 3 fixes related to Outlook Semi-Annual (Preview) Version 2402.

• Version 2405
  • We fixed an issue that prevented users from sending mail for a few hours after updating add-ins with on-send events.
• Version 2404
  • We fixed an issue where the app closed unexpectedly using the Scheduling Assistant when creating a new meeting or viewing an existing meeting.
  • We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
  • We fixed an issue where custom forms from MAPI form servers stopped responding.
  • We fixed an issue where users were unable to recall a message sent in Outlook.
  • We fixed an issue that caused Outlook to exit unexpectedly when clicking on the [Organization] tab in the Hierarchical Address Book while Narrator is running.
  • We fixed an issue that caused users to intermittently be unable to move items to their Online Archive.
  • We fixed an issue that caused the first PolicyTip to take a long time to appear after starting Outlook.
  • We fixed an issue that caused Sovereign users to be unable to create ToDo tasks from Outlook.
  • We fixed an issue that caused users to be prompted to save messages that had no changes when the message was opened in a previous Outlook session.
  • We fixed an issue that caused add-in developers to hit timeouts when retrieving notifications from an Outlook client context.
• Version 2402
  • We fixed an issue that caused developers using the office.js API Office.context.mailbox.item.notificationMessages.getAllAsync in a launch event add-in to see calls stop responding when a notification message exists that doesn’t contain an action with a contextData property.
  • We fixed an issue that caused some users to be unable to create ToDo tasks from Outlook.
  • We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2405 (Build 17628.20144)
• Monthly Enterprise
  Version 2404 (Build 17531.20190)
  Version 2403 (Build 17425.20258)
• Semi-Annual Enterprise (Preview)
  Version 2402 (Build 17328.20414)
• Semi-Annual Enterprise
  Version 2308 (Build 16731.20716)
  Version 2302 (Build 16130.21026) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20721)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10411.20011)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires the attacker to be authenticated using valid Exchange user credentials.
  • An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files. 
  • The Preview Pane is an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002600

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5450.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Microsoft has released the May 2024 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

There is no new feature for any of the Office applications but there is finally a fix for needing to send meeting updates to everyone.

In total, there are 10 fixes for Outlook and 1 fix in Word that also relates to Outlook.

• We fixed an issue that caused users to be unable to open some search results when searching their Online Archive.
• We fixed an issue that caused users to be unable to view the “Permission granted by” information on Digitally Rights Managed messages.
• We fixed an issue that caused Outlook to exit unexpectedly when using Copilot Summarize.
• We fixed an issue that caused users to see no prompt to send updates to attendees after removing attendees from a meeting on a shared calendar where the location of the meeting was set.
• We fixed an issue that caused updates made by delegates to the “Show As” setting on a manager’s calendar fail to be persisted after clicking “Send Update.”
• We fixed an issue that caused draft messages with inline images to be converted to plain text when saving as an .MSG file.
• We fixed an issue that caused the “Edit Meeting” button to disappear when a series exception is the first item opened in the Outlook session.
• We fixed an issue that caused users to see incorrect label information when they had 2 or more email windows open while a message with a label was displayed in the preview pane.
• We fixed an issue that caused Outlook users with E3 licenses to be unable to open protected meeting invitations without going to the web.
• We added support for converting some COM add-ins to Web add-ins.
• Note: This can be disabled via a Group Policy Setting;
  Outlook-> Miscellaneous-> Disable web add-in installation on migration to new Outlook for Windows
• Resolved an issue in Outlook where background images wouldn’t render correctly, requiring the user to scroll or click into the message for the image to appear. (Word)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2408 (Build 17628.20110).

The May security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 1 security update for Excel.

In addition, it contains 4 non-security fixes related to Outlook Current Channel Version 2404, 11 fixes related to  Outlook Monthly Enterprise Version 2403, 4 fixes related to Outlook Semi-Annual (Preview) Version 2402, and 1 fix related to Outlook Semi-Annual Version 2308.

• Version 2404
  • We fixed an issue that caused Sovereign users to be unable to create ToDo tasks from Outlook.
  • We fixed an issue that caused the first PolicyTip to take a long time to appear after starting Outlook.
  • We fixed an issue where the app closed unexpectedly using the Scheduling Assistant when creating a new meeting or viewing an existing meeting.
  • We fixed an issue that caused add-in developers to hit timeouts when retrieving notifications from an Outlook client context.
• Version 2403
  • We fixed an issue that caused Outlook to exit unexpectedly when attaching an Outlook item from the Insert tab.
  • We fixed an issue that affected all-day meetings with a reminder on the day of. The meeting did not open, and an error message was displayed.
  • We fixed an issue where Office add-ins disappeared from the ribbon.
  • We fixed an issue with user and shared mailboxes where a message sent from a user with saved to Sent Items folder enabled and where DelegateSentItemsStyle is set to 1 is saved in the shared mailbox Sent Items folder.
  • We fixed an issue that caused some users to receive a Non Delivery Report when attempting to reply to or forward a message.
  • We fixed an issue that prevented users from receiving emails created using Mail Merge. (Word)
  • We fixed an issue where a mandatory sensitivity label was not applied or prompted for if an email was sent from the Drafts-folder. (Office)
• Version 2403 and Version 2402
  • We fixed an issue that caused some users to see no search results in Org Explorer.
  • We fixed an issue that caused Outlook to take longer to boot than expected.
  • We fixed an issue that caused users with on premise mailboxes to see no web add-ins in Outlook.
  • We fixed an issue where the older format of an add-in was being launched instead of the newer format whenever a user tried to run the add-in from an Actionable Message.
• Version 2308
  • We fixed an issue in Insert Object for Outlook. (Word)

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2404 (Build 17531.20152)
• Monthly Enterprise
  Version 2403 (Build 17425.20236)
  Version 2402 (Build 17328.20346)
• Semi-Annual Enterprise (Preview)
  Version 2402 (Build 17328.20346)
• Semi-Annual Enterprise
  Version 2308 (Build 16731.20674)
  Version 2302 (Build 16130.20990) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20706)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10410.20026)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Cumulative Update has been released for Outlook 2016. It resolves the following issues;

• Users can’t recall a message in some environments.
• Users can’t resolve synchronization conflicts.
• Users can’t load forms from third-party MAPI forms servers.

View: Download information for KB5002593

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5446.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Microsoft has released the April 2024 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

There is no new feature for Outlook, but OneNote got a nice tweak in case you use the Full Page View but also would like continue to see the Windows Taskbar.

• File-> Options-> Display-> Always show the Windows taskbar when in Full Page View

There are 9 fixes for Outlook and 1 fix in Word that also relates to Outlook.

• We fixed an issue that caused users to be prompted to save messages that had no changes when the message was opened in a previous Outlook session.
• We fixed an issue that caused some users to see no search results in Org Explorer.
• We fixed an issue that caused Outlook to take longer to boot than expected.
• We fixed an issue that caused users with on premise mailboxes to see no web add-ins in Outlook.
• We fixed an issue that caused Outlook to exit unexpectedly when clicking on the Organization tab in the Hierarchical Address Book while Narrator is running.
• We fixed an issue that caused users to intermittently be unable to move items to their Online Archive.
• We fixed an issue where users were unable to recall a message sent in Outlook.
• We fixed an issue where custom forms from MAPI form servers stopped responding.
• We fixed an issue where the older format of an add-in was being launched instead of the newer format whenever a user tried to run the add-in from an Actionable Message.
• We fixed an issue that caused Outlook to exit unexpectedly when attempting to undo a change in a draft after switching from an account that has automatic signatures to an account that does not have a signature configured. (Word)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2308 (Build 17531.20120).

The Exchange Team has gone nostalgic and removed the dust of the “Hotfix” moniker.

A Hotfix Update is an optional update which doesn’t contain any new security fixes but does contain high priority fixes for one or more issues (usually introduced with the latest Security Update). In this case, it even includes 2 new features as well.

• Support for ECC certificates
  ECC certificates are now supported, except when used in Active Directory Federation Services (AD FS) scenarios.
• Hybrid Modern Authentication (HMA) for OWA/ECP
  This feature requires Exchange 2019 CU14. To enable see; Enable Hybrid Modern Authentication for OWA and ECP.

The following issues introduced in the March 2024 SU are now fixed;

• Download domains not working after installing the March 2024 SU
• “We can’t open this document” error in OWA after installing March 2024 SU
• Search error in Outlook cached mode after installing March 2024 SU
• OwaDeepTestProbe and EacBackEndLogonProbe fail after installing March 2024 SU
• Edit permissions option in the ECP can’t be edited
• Outlook doesn’t display unread envelope icon after installing Microsoft Exchange Server March 2024 SU
  • Note: the fix resolves this issue for new messages, after April 2024 HU or later is installed.
• My Templates add-in isn’t working after installing Microsoft Exchange Server March 2024 SU
• Published calendars might not work with a “This calendar isn’t available” error after installing March 2024 SU

The remaining issue introduced in the March 2024 SU will be fixed in a future update;

• Calendar printing in OWA might not work unless CTRL+P keyboard shortcut is used.

View: Exchange Blog: Released: April 2024 Exchange Server Hotfix Updates
View: Hotfix update for Exchange Server 2019 and 2016: April 23, 2024 (KB5037224)

Exchange 2019 CU14 HU2 – Download
Exchange 2019 CU13 HU6 – Download
Exchange 2016 CU23 SU12 – Download