HowTo-Outlook

Just as last month, the March feature update of Outlook for Office 365 (Monthly Channel) was released a little late, or they really wanted to go for that April Fools’ Day release date.

Anyway, Version 1903 is available now and although there are no new feature updates to highlight this time, it does contain several bug fixes.

PowerPoint got several Morph Transition enhancements and Word, Excel, and PowerPoint got some Compatibility Checker improvements too.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1903 (Build 11425.20202).

Strictly speaking, it is a March update as they were a little late to release the 1902 update of Outlook for Office 365 (Monthly Channel). However, because of the version number and as we most likely get another feature update later this month, it still makes sense to refer to this update as the February update.

Anyway, there were 4 new feature included for Outlook this month;

• Build in time between back-to-back meetings
  Give attendees time to catch their breath or travel between locations by setting meetings to end 5-10 minutes early by default. Learn more here and here
• Use Read Aloud to listen to your email
  Outlook can read your email aloud, highlighting text as it’s read. To turn on Read Aloud, go to the Ease of Access settings. Learn more
• Message Encryption: encrypt-only IRM policy
  New encrypt-only option appears in the Options > Permissions menu for Office 365 Message Encryption users. This option allows you to encrypt a message and send it to anyone, inside or outside your organization. Learn more
• New default for range of recurrence
  For the Recurrence dialog, the range of recurrence used to default for “No end date”. This facilitated the creation of long-running recurring series, which can become corrupted over time. We are updating the default for the Recurrence dialog to “End by”, such that our default value matches recommended best practices for calendaring. Learn more

Additionally, note that Microsoft Teams is now installed by default as well for new Office 365 ProPlus installations. Microsoft Teams will not be installed automatically when “merely” updating.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1902 (Build 11328.20146).

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains 8 documented improvements and fixes.

Most notable fixes in this update;

• Support and additional fixes for the new Japanese era and holidays.
• Assume that you set a rule to create and move a copy of a sent email message into an Outlook Data Files (.pst) file. After you send an email message, the sent email message is unexpectedly saved as an unsent draft email message in the PST file.
• When you interact with the “Attachments” tab, Outlook intermittently crashes.
• Email messages are incorrectly grouped after you swap time zones in Outlook. This issue occurs when Outlook interacts with some add-ins and certain custom Visual Basic for Applications (VBA) scripts.
• You can’t reply to some email messages that have the “Do not reply all” policy applied.

View: Download information for KB4462196

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4822.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Rollup Update has been released for Outlook 2013. This is a non-security update which contains 2 documented improvements and fixes.

• Assume that you create a rule on a Public Folder based on the “From” address. When you view the rule in the Folder Assistant dialog box, the email address is not displayed and only “From:” is displayed in the rule condition.
• This update also enables Outlook 2013 (64-bit) to use the new Japanese era abbreviation when the new Japanese era is available. Support for the 32-bit version is coming soon.

View: Download information for KB4462206

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5119.1000.

A Rollup Update has been released for Outlook 2010. This is a non-security update which contains the following improvement;

• This update enables Outlook 2010 to use the new Japanese era abbreviation when the new Japanese era is available.

View: Download information for KB4462229

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7230.5000.

Cumulative Update 1 for Exchange 2019 is now available. It contains 3 new documented security updates and 18 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

Notable improvements, changes and fixes are;

• ADV190004: February 2019 Oracle Outside In Library Security Update
  Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. This update contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory – October 2018.
• CVE-2019-0686 and CVE-2019-0724: Microsoft Exchange Server Elevation of Privilege Vulnerability
  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator or gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment.
  To mitigate this vulnerability, AD permissions granted to Exchange server have been modified as discussed in KB4490059: Reducing permissions required to run Exchange Server by using Shared Permissions Model, and additionally changes have been made to EWS authentication as discussed in KB4490060: Exchange Web Services Push Notifications can be used to gain unauthorized access.
• KB4488398: “The Microsoft Exchange Replication service may not be running on server” error when you add a mailbox database copy in Exchange Server 2019
• KB4488268: Disable the irrelevant Query logs that’re created in Exchange Server 2016.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in June 2019.

Download: Cumulative Update 1 for Exchange Server 2019 (KB4471391) (from MVLC)
View: Description of Cumulative Update 1 for Exchange Server 2019
View: Blog post of the Exchange Team about CU1 for Exchange Server 2019

Cumulative Update 12 for Exchange 2016 is now available. It contains 3 new documented security updates and 23 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

Notable improvements, changes and fixes are;

• ADV190004: February 2019 Oracle Outside In Library Security Update
  Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. This update contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory – October 2018.
• CVE-2019-0686 and CVE-2019-0724: Microsoft Exchange Server Elevation of Privilege Vulnerability
  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator or gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment.
  To mitigate this vulnerability, AD permissions granted to Exchange server have been modified as discussed in KB4490059: Reducing permissions required to run Exchange Server by using Shared Permissions Model, and additionally changes have been made to EWS authentication as discussed in KB4490060: Exchange Web Services Push Notifications can be used to gain unauthorized access.
• KB4487603: “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2016.
• KB4488268: Disable the irrelevant Query logs that’re created in Exchange Server 2016.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in June 2019. 

Download: Cumulative Update 12 for Exchange Server 2016 (KB4471392)
Download: Exchange Server 2016 CU12 UM Language Packs
View: Description of Cumulative Update 12 for Exchange Server 2016
View: Blog post of the Exchange Team about CU12 for Exchange Server 2016

Cumulative Update 22 for Exchange 2013 is now available. It contains 3 new documented security updates and 1 additional documented new fix or improvement, as well as all previously released fixes and security updates for Exchange 2013 and the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

• ADV190004: February 2019 Oracle Outside In Library Security Update
  Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. This update contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory – October 2018.
• CVE-2019-0686 and CVE-2019-0724: Microsoft Exchange Server Elevation of Privilege Vulnerability
  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator or gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment.
  To mitigate this vulnerability, AD permissions granted to Exchange server have been modified as discussed in KB4490059: Reducing permissions required to run Exchange Server by using Shared Permissions Model, and additionally changes have been made to EWS authentication as discussed in KB4490060: Exchange Web Services Push Notifications can be used to gain unauthorized access.
• KB4487603: “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2013.

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 22 for Exchange Server 2013 (KB4345836)
Download: Exchange Server 2013 CU22 UM Language Packs
View: Description of Cumulative Update 22 for Exchange Server 2013
View: Blog post of the Exchange Team about CU22 for Exchange Server 2013

Update Rollup 26 for Exchange 2010 Service Pack 3 is now available. It contains 3 documented new security updates and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

• ADV190004: February 2019 Oracle Outside In Library Security Update
  Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. This update contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory – October 2018.
• CVE-2019-0686 and CVE-2019-0724: Microsoft Exchange Server Elevation of Privilege Vulnerability
  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator or gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment.
  To mitigate this vulnerability, changes have been made to EWS authentication as discussed in KB4490060: Exchange Web Services Push Notifications can be used to gain unauthorized access. Additionally, you’ll manually have to modify AD permissions granted to Exchange server as discussed in KB4490059: Reducing permissions required to run Exchange Server by using Shared Permissions Model.

View: Description of Update Rollup 26 for Exchange Server 2010
Download: Update Rollup 26 For Exchange 2010 SP3 (KB4487052)
View: Blog post of the Exchange Team about CU26 for Exchange Server 2010