Outlook 2016 / 2019 / 365 Update for August 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 13 security updates for Access (1), Excel (5), Outlook (2), Word (3) and Office (2). The Details about the Outlook vulnerability;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

In addition, it contains 2 documented non-security fixes for Outlook Current, 4 features and 7 fixes for Monthly Enterprise 2005, 1 for Semi-Annual 2002. Most notable fixes are;

  • Version 2007
    Addressed an issue that caused Outlook to fail to retrieve search suggestions.
  • Version 2007
    Addressed an issue that caused users to occasionally crash when retrieving persona information.
  • Version 2006 –  New option to disable @ mention suggestions when composing mail in Outlook
    Do you find the @ mention picker more annoying than useful? Now you can turn it off if you prefer.
    File-> Options-> Mail-> section: Send Messages-> Suggest names to mention when I use the @ symbol in a message.
  • Version 2006 – Keep your pictures high fidelity when sending them as part of an email
    A new Outlook setting is available to limit picture compression when you send pictures as part of the email contents.
    File-> Options-> Mail-> Editor Options…-> Advanced-> enable: Do not compress images in file
  • Version 2006
    Addresses an issue that caused users to see the creation date of attachments that they copied to their file system via drag and drop getting set to January 1, 4501.
  • Version 2002
    Addressed an issue that caused a significant performance issue when starting Outlook for some tenants.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 2007 (Build 13029.20344)
  • Monthly Enterprise
    Version 2006 (Build 13001.20520)
    Version 2005 (Build 12827.20656)
  • Semi-Annual Enterprise (Preview)
    Version 2002 (Build 12527.20988)
  • Semi-Annual Enterprise
    Version 2002 (Build 12527.20988)
    Version 1908 (Build 11929.20934)
    Version 1902 (Build 11328.20644)
  • Outlook 2019 Volume License
    Version 1808 (Build 10364.20059)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Sperry Software
Use "BH93RF24" to get a discount when ordering!

Outlook 2016 (MSI) Security Update for August 2020

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerabilities;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

This update contains 2 additional fixes or improvements for non-security issues;

  • Fixes an issue that causes Outlook users to be unable to send a message as (or on behalf of) a hidden distribution list.
  • Fixes an issue that causes the creation date of an attachment to be set to “January 1, 4501” if a user copies the attachment to the file system through a drag-and-drop action.

View: Download information for KB4484475

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5044.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


Outlook 2013 Security Update for August 2020

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerabilities;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

View: Download information for KB4484486

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5267.1000.


Outlook 2010 Security Update for August 2020

News

A Security Update has been released for Outlook 2010. It resolves the following vulnerabilities;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

View: Download information for KB4484475

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7256.5000.


Outlook for Microsoft 365 Apps Feature Update for July 2020

News

Right before the end of July Microsoft released the July feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 3 new features for Outlook and 6 highlighted fixes and 1 which also was in the bug fix update for Version 2006 that was released 2 days ago.

  • Create polls in Outlook with Quick Poll
    Easily create a poll, collect votes, and view results within an email.
    • New Email-> Insert-> Poll
    • and
      New Email-> Options-> Use Voting Buttons-> Poll
  • Keep your pictures high fidelity when sending them as part of an email
    A new Outlook setting is available to limit picture compression when you send pictures as part of the email contents.
    File-> Options-> Mail-> Editor Options…-> Advanced-> enable: Do not compress images in file
  • Quickly reopen items from previous session
    We added an option to quickly reopen items from a previous Outlook session. Whether Outlook crashes or you close it, you’ll now be able to quickly relaunch items when you reopen the app. This feature is on by default. To turn it off, go to File-> Options-> General-> Start up Options-> When Outlook opens

    Outlook closed while you had items open. Reopen those items from your last session?

  • Addressed an issue that caused users of CLP (Information Protection; Classification, Labeling and Protection) to experience a crash when switching the from address on a reply from a protected context to an unprotected one.
  • Addressed an issue that caused the “Allow Forwarding” option to be missing from shared calendar meeting “Response Options” when Download Shared folder was NOT checked.
  • Addressed an issue that caused delegates to receive an error when editing an existing calendar appointment on a manager’s calendar.
  • Addressed an issue that caused users to be unable to save OneDrive attachments from outside their tenant to their local computer when selecting the “Save” option on the security dialog.
  • Addressed an issue that caused the Scheduling Assistant page to fail to display.
  • Addressed an issue that caused formatting problems in incident notification alerts.
  • We fixed an issue for copy and paste SVG image (previously fixed in Version 2006).

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2007 (Build 13029.20308).


Outlook 2016 / 2019 / 365 Update for July 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 8 security updates for Excel (1), Outlook (1), Project (1), Word (4) and Office (1). The Details about the Outlook vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

In addition, it contains 1 documented non-security fixes for Outlook Current, 1 feature and 10 fixes for Monthly Enterprise 2005, 12 for Semi-Annual (Preview) 2002 and 44 for Semi-Annual 1908. Most notable fixes are;

  • Version 2006 and 2002
    Addressed an issue that caused users to be unable to save OneDrive attachments from outside their tenant to their local computer when selecting the “Save” option on the security dialog.
  • Version 2005 – Better results—in a jiffy
    We’ve updated the Search experience to make it smarter, faster, and more reliable than ever.
  • Version 2005
    Addresses an issue that caused users to see Outlook continuously prompt them to run the Inbox Repair tool.
  • Version 2005, 2002 and 1908
    Addresses an issue that caused users to see the “The rules on this computer do not match the rules on Microsoft Exchange” message when updating their rules in Outlook.
  • Version 2002
    Addressed an issue that caused recurring appointments or meetings to be displayed at the wrong time when approaching a timezone definition change.
  • Version 2002
    Addressed an issue that caused delegates to receive an error when editing an existing calendar appointment on a manager’s calendar.
  • Version 1908
    This updates the attachment blocking logic in Outlook to also block python attachments.
  • Version 1908
    Addresses an issue that caused Outlook users to get stuck in the “Needs Password” state in certain scenarios.

Version 2002 has now also been released to the Semi-Annual Enterprise Channel and contains 12 highlighted new feature and 61 fixes which have been made available already to the other release channels.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 2006 (Build 13001.20384)
  • Office 365 Monthly Enterprise
    Version 2005 (Build 12827.20538)
    Version 2004 (Build 12730.20602)
  • Office 365 Semi-Annual Enterprise (Preview)
    Version 2002 (Build 12527.20880)
  • Office 365 Semi-Annual Enterprise
    Version 2002 (Build 12527.20880)
    Version 1908 (Build 11929.20904)
    Version 1902 (Build 11328.20624)
  • Outlook 2019 Volume License
    Version 1808 (Build 10363.20015)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.


Outlook 2016 (MSI) Security Update for July 2020

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

This update also contains 4 additional fixes or improvements for non-security issues;

  • Improves translations in the German version of Outlook 2016.
  • Fixed: Internet Message Access Protocol (IMAP) users see Outlook stop syncing new email messages until they restart Outlook.
  • Fixed: Users who are changing items on a manager’s shared calendar may receive the following error message: “The operation cannot be performed because the message has been changed.”
  • Fixed: Users experience crashes when they open .msg and .oft files after they apply a recent Windows update.

View: Download information for KB4484433

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5017.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


Outlook 2013 Security Update for July 2020

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

View: Download information for KB4484363

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5257.1000.


Outlook 2010 Security Update for July 2020

News

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

View: Download information for KB4484382

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7248.5000.


Outlook for Microsoft 365 Apps Feature Update for June 2020

News

On the last day of June Microsoft released the June feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 3 new features for Outlook and 5 highlighted fixes (of which 4 were also included in last week’s bug fix release for Version 2005).

  • New option to disable @ mention suggestions when composing mail in Outlook
    Do you find the @ mention picker more annoying than useful? Now you can turn it off if you prefer.
    File-> Options-> Mail-> section: Send Messages-> Suggest names to mention when I use the @ symbol in a message.
  • Incident Notification for IT Admins
    Microsoft 365 tenant global administrators and Office Apps Administrators will be notified about Outlook and O365 Exchange incidents affecting their users with a new right-side panel notification in Outlook for Windows.
  • Additional buttons added to Outlook toast notifications
    Quick Action buttons now appear in Outlook toast notifications when running Outlook on Windows 10

    Outlook for Microsoft 365 New Mail Notification on Windows 10

  • Addressed an issue that caused users to see the creation date of attachments that they copied to their file system via drag and drop getting set to January 1, 4501.
  • Addressed an issue that caused users of the Shared Calendar improvements to see calendar failures.
  • Addressed an issue that caused users to see Outlook continuously prompt them to run the Inbox Repair tool.
  • Addressed an issue that caused Ctrl+click to stop working when cloud settings were enabled.
  • Addressed an issue that caused searching for a feature in Suggest a Feature to return no results and leave the user with no option to submit a new feature idea.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2006 (Build 13001.20266).