Word security update for October 2012 affects Outlook

News

A security update has been released for Word 2003, Word 2007 and Word 2010 which also affects the respective versions of Outlook. It is recommended to install this security update as soon as possible.


Microsoft Security Bulletin MS12-064
This security update resolves two privately reported vulnerabilities in Microsoft Office. The more severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

How is Microsoft Outlook affected by the vulnerabilities?
Outlook is not directly affected because the vulnerabilities exist in Microsoft Word. However, if Word is the selected email reader, which is the default case in Microsoft Outlook 2007 and Outlook 2010, then an attacker could leverage Outlook for the email attack vector to exploit CVE-2012-2528 by sending a specially crafted RTF email message to the target user.

View: Microsoft Security Bulletin MS12-064

Note: If you have Microsoft Update configured to also update other Microsoft applications, then this update will also also be offered via Microsoft Update or has already been updated automatically for you.


CodeTwo

Re-release of Exchange 2007 and 2010 Update Rollups

News

Microsoft has re-released the latest update rollups for Exchange 2010 and Exchange 2007 to address an issue in which digital signatures on files produced and signed by Microsoft will expire prematurely.

The Exchange Team also liked to mention that the re-released Update Rollup for Exchange 2010 SP2 RU4 now also includes the following fix:

  • KB2756987: Outlook only returns one result after you click the “Your search returned a large number of results. Narrow your search, or click here to view all results” message

Download: Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497)Download: Update Rollup 7-v2 for Exchange Server 2010 Service Pack 1 (KB2756496)
Download: Update Rollup 4-v2 for Exchange Server 2010 Service Pack 2 (KB2756485)

View: Microsoft Security Advisory 2749655


Outlook 2010 Hotfixes for August 2012

News

4 Hotfixes have been released for Outlook 2010 fixing a total of 25 issues.


Hotfix KB2687351 for Outlook 2010
This hotfix contains 23 fixes for specific issues. Most notable fixes are;

  • Outlook will now display password expiration notifications when using Exchange Online in an Office 365 environment. (KB2745588)
  • You are being prompted for credentials when you have started Outlook without an enabled network connection and the network connections is available again the next time that you start Outlook.
  • Assume that you enable the Desktop Alerts feature in online mode in Outlook 2010. When you run Outlook 2010 against a Microsoft Exchange Server 2010 server, Outlook 2010 may randomly stop receiving new email notifications.
  • Outlook endlessly connects to the Client Access Server (CAS) server and the Public Folder (PF) server after you cancel the Exchange Online Archiving (EOA) authentication dialog box.
  • Messages are lost when you move them from a pst-file to an Exchange mailbox and during the moving process the mailbox quota is exceeded.

View: Full list of fixes and download information for KB2687351


Hotfix KB2687396 for Outlook 2010
This hotfix solves and issue with Hotfix KB2553248 (released in April) where an offline Outlook Data File (.ost) and an Outlook profile are created unexpectedly.

View: More details and download information for KB2687396


Hotfix KB2687392 for Outlook 2010
This hotfix contains 2 fixes with the Unified Messaging add-in. In one case the free/busy information cannot be retrieved when the SMTP address of the attendee contains an ampersand (&). In the other case, a user cannot play an forwarded IRM protected voice message.

View: Full list of fixes and download information for KB2687392


Hotfix KB2687343 for Outlook 2010
This hotfix solves an issue for when you have the Spanish (European) LIP installed and you cannot see attendee free/busy information in the Scheduling Assistant.

View: More details and download information for KB2687343


Obtaining the hotfixes
These are a Hotfixes and not a regular update. You can request them via their KB article page.


Outlook 2007 Hotfix for August 2012

News

Hotfix KB2687336 for Outlook 2007
This hotfix contains 7 fixes for specific issues. Most notable fixes are:

  • Outlook will now display password expiration notifications when using Exchange Online in an Office 365 environment. (KB2745588)
  • Outlook creates duplicate calendar items or crashes when you have a SharePoint list with a lot of calendar items. 
  • When Outlook is configured in online mode and connecting to an Exchange 2010 server, new email notifications might not always be shown.

View: Full list of fixes and download information for KB2687336

Obtaining the hotfix
This is a Hotfix and not a regular update. You can request it via the KB article page.