HowTo-Outlook

A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

Based on your release channel, you’ll be updated to the following version;

• Office 365, Outlook 2016 Retail, Outlook 2019 Retail
  Version 1811 (Build 11029.20108)
• Outlook 2019 Volume License
  Version 1808 (Build 10339.20026)
• Office 365 Semi Annual Channel
  Version 1803 (Build 9126-2336)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

This update also contains additional fixes for 2 non-security issues;

• When you attach a file that contains the “&” character in its name to an email message, the “&” character isn’t displayed in the attachment name.
• After you set the DisableCrossAccountCopy policy, you can’t move a folder to another location in the same email account.

View: Download information for KB4461544

Update: An additional update (KB4011722) has been released this month which solves an issue with mail delivery rules stopping to work and opening the Mange Rules & Alerts dialog returns the following error;

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4783.1000 and the updated release to version 16.0.4783.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

View: Download information for KB4461556

Update: An additional update (KB4011029) has been released this month which solves an issue with mail delivery rules stopping to work and opening the Mange Rules & Alerts dialog returns the following error;

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5093.1000 and the updated release to version 15.0.5093.1001.

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

View: Download information for KB4461576

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7226.5000.

Security updates have been released for Exchange 2016. It resolves the following vulnerability;

• CVE-2018-8604
  A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user’s profile data.

View: Download information for KB4468741

Outlook for Office 365 (Monthly Channel) got the following new features or major changes this month;

• Zoom and stick
  Instead of adjusting Zoom each time you read a message, choose a default to use for all your messages.
• Outlook Async Move Messages
  Performing the move messages asynchronously to increase productivity for the Outlook users.
• Polished the Focused Inbox on and off experiences
  Unread email to show on all folders, not just Inbox when Focused Inbox turned off. Sort by Flag Status added. Better interaction of Focused Inbox with Search: Focused Inbox remains until a search begins. ‘Results’ text shown after a search completes.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1811 (Build 11029.20079).

A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following 6 vulnerabilities;

• CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576
  Which could allow remote code execution via a specially crafted Office file.
• CVE-2018-8582
  Which could allow remote code execution when importing a specially crafted rwz-file (rules export).
• CVE-2018-8558 and CVE-2018-8579
  Which could lead to information disclosure as users could share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

Based on your release channel, you’ll be updated to the following version;

• Office 365, Outlook 2016 Retail, Outlook 2019 Retail
  Version 1810 (Build 11001.20108)
• Outlook 2019 Volume License
  Version 1808 (Build 10338.20019)
• Office 365 Semi Annual Channel
  Version 1803 (Build 9126-2315)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

This update also contains additional fixes for 13 non-security issues. Most notable are;

• When you switch between Mail and Calendar, Outlook 2016 crashes.
• When you reply to or forward an internal email message, the email address is not displayed in the message body. Only the display name is displayed.
• When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and UPN in a user’s Outlook profile file aren’t changed.
• When you reply to an Information Rights Management (IRM)-protected email message, you receive the following error message:
  • The operation failed. The messaging interfaces have returned an unknown error. If the problem persists, restart Outlook. [OK].
• This update allows you to hide the retention policy User Interface (UI). via the SuppressRetentionPolicyUI Registry key.
• This update enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

View: Download information for KB4461506

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4756.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

This update also contains additional fixes for 4 non-security issues.

• When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and the UPN in a user’s Outlook profile file are not changed. 
• You can’t switch between accounts on a custom form by using the Accounts button.
• When running Outlook in online mode, “Cc” recipients may not appear in the email message.
• This update also enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

View: Download information for KB4461486

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5085.1000.

A Security Update has been released for Outlook 2010. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

View: Download information for KB4461529

Update: When using the 64-bit version of Outlook 2010, install KB4461585 instead as this fixes an issue with the KB4461529 update which may crash Outlook on startup.

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7224.5000 (32-bit) or 14.0.7224.5001 (64-bit).