Outlook 2010 Security Update for July 2019

News

A security update has been released for Outlook 2010. It resolves the following vulnerability:

  • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

View: Download information for KB4475509

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7235.5000.



Exchange 2019, 2016, 2013 and 2010 Security Updates for July 2019

News

Security updates have been released for Exchange 2010, Exchange 2013, Exchange 2016 and Exchange 2019.

  • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
  • CVE-2019-1136: Microsoft Exchange Server Elevation of Privilege Vulnerability (Exchange 2010/2013/2016)
    An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user. To address this vulnerability, Microsoft has changed the way EWS handles NTLM tokens.
  • CVE-2019-1137: Microsoft Exchange Server Spoofing Vulnerability (Exchange 2013/2016/2019)
    A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the Exchange server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Exchange Server properly sanitizes web requests.

View: Description of the security update for Microsoft Exchange Server 2010: July 9, 2019
View: Description of the security update for Microsoft Exchange Server 2013 and 2016: July 9, 2019
View: Description of the security update for Microsoft Exchange Server 2019: July 9, 2019
Download: Update Rollup 29 For Exchange 2010 SP3 (KB4509410)
Download: Security Update For Exchange Server 2013 CU23 (KB4509409)
Download: Security Update For Exchange Server 2016 CU12 (KB4509409)
Download: Security Update For Exchange Server 2016 CU13 (KB4509409)
Download: Security Update For Exchange Server 2019 CU1 (KB4509408)
Download: Security Update For Exchange Server 2019 CU2 (KB4509408)
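
An added example, not part of the original post and not Microsoft's fix: one way to audit an exported recipient list for the condition CVE-2019-1084 describes, display names that contain non-printable characters or render as nothing at all. The CSV sample is constructed, and the column names and the set of Unicode categories treated as non-printable are assumptions.

```python
import csv
import io
import unicodedata

# Assumption: control, format, private-use, unassigned and surrogate code
# points plus line/paragraph separators count as non-printable. Space
# separators other than U+0020 are flagged too, since they render blank.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Cs", "Zl", "Zp"}

def suspect_chars(name):
    """Return (index, code point, category) for each non-printable character."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if cat in SUSPECT_CATEGORIES or (cat == "Zs" and ch != " "):
            hits.append((i, f"U+{ord(ch):04X}", cat))
    return hits

def classify(name):
    """'ok', 'contains-nonprintable', or 'invisible' (nothing visible renders)."""
    hits = suspect_chars(name)
    flagged = {i for i, _, _ in hits}
    visible = [ch for i, ch in enumerate(name)
               if i not in flagged and not ch.isspace()]
    if not visible:
        return "invisible"
    return "contains-nonprintable" if hits else "ok"

def audit(csv_text):
    """Return (address, verdict, hits) for every row that is not 'ok'."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["DisplayName"]
        verdict = classify(name)
        if verdict != "ok":
            findings.append((row["PrimarySmtpAddress"], verdict, suspect_chars(name)))
    return findings

# Constructed sample export; column names are assumed, addresses are fictitious.
SAMPLE_CSV = (
    "DisplayName,PrimarySmtpAddress\n"
    "Alice Example,alice@example.test\n"
    "\u200b\u200b,hidden1@example.test\n"      # zero-width spaces only
    "Bob\u202eExample,bob@example.test\n"      # embedded bidi override
    "\u00a0\u2003,hidden2@example.test\n"      # non-breaking and em space only
    "Jos\u00e9 N\u00fa\u00f1ez,jose@example.test\n"  # legitimate non-ASCII
)

if __name__ == "__main__":
    for address, verdict, hits in audit(SAMPLE_CSV):
        print(address, verdict, hits)
```

Legitimate non-ASCII names pass, because classification is by Unicode category rather than by an ASCII allow-list.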


Outlook for Office 365 Feature Update for June 2019

News

The June feature update of Outlook for Office 365 (Monthly Channel) is now available and it comes with many big changes a lot of you have been waiting for.

In Version 1906, there are some major visual updates and also a variety of options to modify the user interface:

  • We’ve updated the Outlook user experience for you
    A simplified experience, previously available for preview with Coming Soon, designed to help you focus on what matters most.
  • A simplified ribbon that’s customizable, too
    Enjoy a streamlined, single row of the most frequently used buttons, also known as the Single Line Ribbon. Easily switch between Classic and Simplified views, and pin/unpin commands.
  • Pick your favorite action
    Don’t use Flag and Delete? How about Archive or Mark as Read? Customize the quick action menu with the commands you use most.
    To configure: right-click a message in the message list and choose Set Quick Actions…
  • Improved shared folder synchronization for mailboxes with many folders
    For years Outlook has been limited to a maximum of 500 folders when synchronizing shared mailboxes. With this change Outlook has been improved to sync in a way that will no longer encounter this 500 folder limit.
  • Focused Inbox settings remain the same across devices
    Your Focused Inbox preferences are now stored in the cloud. Enjoy the same experience when you use Outlook for Windows on any computer and Outlook on the web.
  • Relaxed or tighter layout? You choose
    Tighter Spacing lets you decide if you want more space between items, or a tighter layout to see more (some of you may have had it in Version 1905 already).
    You can toggle this option via: View -> Use Tighter Spacing
    This will not only affect your message list, but also the To, From, Cc, Bcc and Subject fields as well as the other fields you get when creating an Appointment or Meeting.
  • Ink in Your Email!
    You can now draw and annotate pictures in your Outlook emails. On touch-enabled devices, this feature is enabled by default and you’ll see a new Draw tab, between the Insert and Options tab, when composing an email in its own window.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1906 (Build 11727.20210).


Exchange 2019 CU2

News

Cumulative Update 2 for Exchange 2019 is now available. It contains 1 new documented security update and 16 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

Notable improvements, changes and fixes are:

  • Decreasing Exchange Rights in the Active Directory
    There is now a Deny ACE on the DNS Admins group and the ability for Exchange to assign Service Principal Names (SPNs) has been removed.
  • Support for .NET Framework 4.8
    The minimum .NET requirement remains 4.7.2 and .NET 4.8 will be required with the December 2019 update.
  • Controlled Connections to Public Folders in Outlook
    Admins have control over which users will see public folders in their Outlook clients.
  • Authentication Policies Update
    You can define a default authentication policy at Organization level to disable legacy authentication protocols.
  • KB4503027 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU1 as well.
  • KB4488396: Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
  • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2019 hybrid environment.

Additionally, the Exchange Team announced that they will not make any investments into support of Modern Authentication in on-premises Exchange without a hybrid deployment.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in September 2019.

Download: Cumulative Update 2 for Exchange Server 2019 (KB4488401) (from MVLC)
View: Description of Cumulative Update 2 for Exchange Server 2019
View: Blog post of the Exchange Team about CU2 for Exchange Server 2019


Exchange 2016 CU13

News

Cumulative Update 13 for Exchange 2016 is now available. It contains 1 new documented security update and 14 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

Notable improvements, changes and fixes are:

  • Decreasing Exchange Rights in the Active Directory
    There is now a Deny ACE on the DNS Admins group and the ability for Exchange to assign Service Principal Names (SPNs) has been removed.
  • Support for .NET Framework 4.8
    The minimum .NET requirement remains 4.7.2 and .NET 4.8 will be required with the December 2019 update.
  • Controlled Connections to Public Folders in Outlook
    Admins have control over which users will see public folders in their Outlook clients.
  • KB4503027 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU13 as well.
  • KB4488396: Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
  • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2016 hybrid environment

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in September 2019.

Download: Cumulative Update 13 for Exchange Server 2016 (KB4488406)
Download: Exchange Server 2016 CU13 UM Language Packs
View: Description of Cumulative Update 13 for Exchange Server 2016
View: Blog post of the Exchange Team about CU13 for Exchange Server 2016


Exchange 2013 CU23

News

Cumulative Update 23 for Exchange 2013 is now available. It contains 1 documented security update and 1 additional documented new fix or improvement, as well as all previously released fixes and security updates for Exchange 2013 and the latest DST updates. Note that mainstream support for Exchange 2013 ended in April 2018.

  • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2013 hybrid environment
  • KB4503028 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU22 as well.

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 23 for Exchange Server 2013 (KB4489622)
Download: Exchange Server 2013 CU23 UM Language Packs
View: Description of Cumulative Update 23 for Exchange Server 2013
View: Blog post of the Exchange Team about CU23 for Exchange Server 2013


Outlook 2016 / 2019 / 365 Update for June 2019

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 2 security updates for Word. In addition, it contains a fix for certain Outlook.com accounts being prompted for a phone number and not being able to confirm it in the Monthly Channel.

Based on your release channel, you’ll be updated to the following version:

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1905 (Build 11629.20246)
  • Outlook 2019 Volume License
    Version 1808 (Build 10346.20002)
  • Office 365 Semi Annual Channel
    Version 1902 (Build 11328.20318)
    Version 1808 (Build 10730.20348)
    Version 1803 (Build 9126.2388)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to MSI-based installations of Office 2016.


Exchange 2019, 2016, 2013 and 2010 Security Updates for June 2019

News

Security updates have been released for Exchange 2010, Exchange 2013, Exchange 2016 and Exchange 2019.

  • ADV190018: Microsoft Exchange Server Defense in Depth Update
    Microsoft has released an update for Microsoft Exchange Server that provides enhanced security as a defense in depth measure.

View: Description of the security update for Microsoft Exchange Server 2019 and 2016: June 11, 2019
View: Description of the security update for Microsoft Exchange Server 2013 and 2010: June 11, 2019
Download: Security Update For Exchange Server 2019 CU1 (KB4503027)
Download: Security Update For Exchange Server 2019 (KB4503027)
Download: Security Update For Exchange Server 2016 CU12 (KB4503027)
Download: Security Update For Exchange Server 2016 CU11 (KB4503027)
Download: Cumulative Update 22 for Exchange Server 2013 (KB4503028)
Download: Update Rollup 28 For Exchange 2010 SP3 (KB4503028)


Outlook 2016 (MSI) Update for June 2019

News

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains 5 documented improvements and fixes.

  • Improves translations for multiple language versions of Outlook 2016 (also requires KB4464581).
  • When the mailbox is full, if you try to restore an email message from the Recover Deleted Items dialog box, you will receive an error message and the item will be deleted permanently.
  • When your delegate changes a meeting date on your behalf, the updated meeting date isn’t displayed on your calendar.
  • This update enables Outlook 2016 to send requests by default during Need Password. You can block this behavior by setting the AllowRequestsInNeedPasswordBehavior Registry value.
  • If there are a few rows of attachments in a message, the click behavior on attachments such as double-click, single-click or right-click doesn’t work as expected in certain cases.

View: Download information for KB4464585

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4861.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


Outlook for Office 365 Feature Update for May 2019

News

The May feature update of Outlook for Office 365 (Monthly Channel) is now available.

In Version 1905, there are some bigger changes and new features, especially when compared with the last few months:

  • A quicker way to add accounts:
    Thanks to account setup improvements, it’s easier than ever to add Outlook.com and Gmail accounts that use 2-factor authentication to Outlook.
  • Search with spelling woes and typos
    Outlook will find what you’re looking for even when your spelling doesn’t match. This applies to Outlook.com and Office 365 Exchange Online mailboxes only.
  • Density settings
    Tighter spacing lets you decide whether you want more space between items or a tighter layout to see more.
    To enable: View -> Use Tighter Spacing
    This feature is part of the new simplified user experience which is being rolled out.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1905 (Build 11629.20196).