MS13-068: Security updates for Outlook 2007/2010

News

A security update has been released for both Outlook 2007 and Outlook 2010 to address a vulnerability which could allow remote code execution if a user opens or previews a specially crafted email message.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

The security update addresses the vulnerability by correcting the way that Microsoft Outlook 2007 and Outlook 2010 parse specially crafted S/MIME email messages.

View: More details and download information for KB2825999 (Outlook 2007)
View: More details and download information for KB2794707 (Outlook 2010)
View: Microsoft Security Bulletin MS13-068 – Critical


MAPILab
Use "4PM76A8" to get a discount when ordering!

Send As a Delegate or a Distribution Group by default

Button FromWhen you have permissions to “Send As” or “On Behalf Of” another mailbox or Mail Enabled Distribution Group in an Exchange environment, you can use the From field in Outlook to specify this.

However, in some situations, it is not uncommon that you need to send out as this mailbox or distribution group more often than from your own name. For instance, when you work in support and need to send out from the central support address rather than your own or when you represent a manager.

While you can manually specify the From field to send from each time you need to send out as that address, when needing to do that becomes the rule rather than the exception, it’s time to automate things.

This guide instructs you how you can cope with the above scenarios via built-in Outlook account configuration options and settings but also provides a code sample to set the From address programmatically.

Continue reading: Send As a Delegate or a Distribution Group by default


Outlook 2010 Hotfix for August 2013

News

Hotfix KB2817574 for Outlook 2010
This hotfix contains11 fixes for specific issues and can be applied to either Outlook 2010 with SP1 or SP2. Most notable fixes are;

  • 4 fixes regarding various issues with Online Archive and Retention Policies.
  • Duplicate attachments may show for Sent Items when you use IMAP configured with “download header only”.
  • When you start Outlook 2010 on a computer and then try to set up a new account for the first time, it takes 3-5 minutes to populate your username or email address on the home screen.

View: More details and download information for KB2817574

Obtaining the hotfixes
This is a Hotfix and not a regular update. You can request it via its KB article page.


Outlook 2013 Update for August 2013

News

An update has been released for Outlook 2013 and can be downloaded and installed manually, but is also being offered via Microsoft Update.

Update KB2817629 for Outlook 2013
This is a non-security update which has been released without a change log. However, it will fix the issue which got introduced in the July update where Outlook 2013 crashed when you try to select or open an encrypted message.

View: Download information for KB2817629

If you have Microsoft Update configured to also update other Microsoft applications, then this update will also also be offered via Microsoft Update or has already been updated automatically for you.


Security and Rollups Updates for Exchange 2007, Exchange 2010 and Exchange 2013

News

Due to the MS13-061 security bulletin, all currently supported versions of Exchange got a Security Update or a Rollup Update which also includes the security update.

Update:
Due to an issue with the installer, the original updates for Exchange 2013 were pulled but are now available again as a v2 release.

If you had already applied the original release to Exchange 2013, there are additional steps which you must take to correct the issue.

The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).

The Rollup Updates also includes a few additional fixes, so make sure you review their corresponding KB article too before applying them.

View: MS13-061 security bulletin
View: Exchange Team Blog Post about these updates
Download: Update Rollup 11 for Exchange Server 2007 Service Pack 3 (KB2873746)
Download: Update Rollup 7 for Exchange Server 2010 Service Pack 2 (KB2874216)
Download: Update Rollup 2 For Exchange 2010 SP3 (KB2866475)
Download: Security Update v2 For Exchange Server 2013 CU1 (KB2874216)
Download: Security Update v2 For Exchange Server 2013 CU2 (KB2874216)