HowTo-Outlook

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 2 security updates which are both for Excel. In addition, it contains 4 documented non-security fixes for Outlook;

• Fixed an issue with attachment blocking logic in Outlook to also block python attachments.
• Addressed an issue that caused users to be unable to open some instances of recurring calendar items.
• Addressed an issue that caused users to observe a memory leak in the Outlook process.
• Addressed an issue that caused users to experience a crash during profile creation.

Based on your release channel, you’ll be updated to the following version;

• Office 365, Outlook 2016 Retail, Outlook 2019 Retail
  Version 1909 (Build 12026.20320)
• Office 365 Semi Annual (Targeted)
  Version 1908 (Build 11929.20388)
• Office 365 Semi Annual
  Version 1902 (Build 11328.20438)
  Version 1808 (Build 10730.20386)
• Outlook 2019 Volume License
  Version 1808 (Build 10351.20054)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented change;

• Outlook now can block the sending and receiving of Python files (.py, .pyc, .pyo, .pyw, .pyz and .pyzw) as attachments.

View: Download information for KB4484107

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4900.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Rollup Update has been released for Outlook 2013. This is a non-security update which contains the following documented change;

• Outlook now can block the sending and receiving of Python files (.py, .pyc, .pyo, .pyw, .pyz and .pyzw) as attachments.

View: Download information for KB4484096

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5172.1000.

A Rollup Update has been released for Outlook 2010. This is a non-security update which contains the following documented change;

• Outlook now can block the sending and receiving of Python files (.py, .pyc, .pyo, .pyw, .pyz and .pyzw) as attachments.

View: Download information for KB4475604

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7236.5000.

The September feature update of Outlook for Office 365 (Monthly Channel) was released on the final day of September and it comes with 7 new features for Outlook.

• Insert Link Menu in Outlook will insert a link with permission defined by tenant admin
  A link from the Insert Link MRU in Outlook would insert a link that only worked for users who already had permissions to it. This often caused back and forth emails between users asking to be granted access to a document. We’ve updated this experience so now the link is inserted with the default permission set by the tenant admin.
• Outlook visual refresh
  This is part of the visual refresh of core experiences in Outlook, updating how mail messages layout in the reading pane and inspector.
• Shared calendar updates just got faster
  For shared calendars in Office 365, Outlook can update these calendars using the REST API. Turn on the preview for faster and more reliable updates to shared calendars.
  File-> Account Settings-> Account Settings…-> double click on your Office 365 account-> More Settings-> Advanced-> Turn on shared calendar improvements (preview)
• See relevant messages in your search results
  Outlook analyzes search terms and shows the most relevant email messages at the top of your search results. You’ll also see all results sorted by date in the Top Results section.
  File-> Options-> Search-> Show most relevant search results on top
• Send the mail to the right person
  Just click the To: line and choose from suggested contacts. A picture and presence indicator helps you choose the right person.
• Advanced protection against attack
  With Office 365 Advanced Threat Protection, you’re protected against attacks through hyperlinks within email subjects, attached messages, signed messages, network paths, and so on.
• See your messages in a different light
  Use the Sun/Moon button to switch between light and dark backgrounds in the reading pane.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 1909 (Build 12026.20264).

Cumulative Update 3 for Exchange 2019 is now available. It contains 1 security update and 19 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

Notable improvements, changes and fixes are;

• KB4515257: Hash mismatch is reported for Exchange DLLs in the bin directory of Exchange Server 2019.
• KB4513500: Can’t sign in to OWA or EAC after you install Exchange Server 2019 CU2 with AD FS.
• KB4502159: Adding or removing mailbox permission in EAC doesn’t address the msExchDelegateListLink attribute.
• KB4515275: Enable Get/Restore-RecoverableItems to work with Purges folder.
• KB4515276: Room mailbox accepts a meeting as “Free” if a booking delegate is set.
• KB4515832: Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019 which discusses CVE-2019-1233 and CVE-2019-1266. This update was released separately for CU13 as well.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in December 2019.

Download: Cumulative Update 3 for Exchange Server 2019 (KB4514141) (from MVLC)
View: Description of Cumulative Update 3 for Exchange Server 2019
View: Blog post of the Exchange Team about CU3 for Exchange Server 2019

Cumulative Update 14 for Exchange 2016 is now available. It contains 1 security update and 19 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

Notable improvements, changes and fixes are;

• KB4502159: Adding or removing mailbox permission in EAC doesn’t address the msExchDelegateListLink attribute.
• KB4515275: Enable Get/Restore-RecoverableItems to work with Purges folder.
• KB4515276: Room mailbox accepts a meeting as “Free” if a booking delegate is set.
• KB4515832: Description of the security update for Microsoft Exchange Server 2019 and 2016: September 10, 2019 which discusses CVE-2019-1233 and CVE-2019-1266. This update was released separately for CU13 as well.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in December 2019. 

Download: Cumulative Update 14 for Exchange Server 2016 (KB4514140)
Download: Exchange Server 2016 CU14 UM Language Packs
View: Cumulative Update 14 for Exchange Server 2016
View: Blog post of the Exchange Team about CU14 for Exchange Server 2016

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 4 security updates for Excel (2) and Office (2). In addition, it contains 2 documented non-security fixes for Outlook;

• Fixed an issue that caused users to be unable to access location suggestions via a screen reader.
• Fixed an issue that caused some users to encounter authentication errors when trying to retrieve their cloud settings for Outlook.

Based on your release channel, you’ll be updated to the following version;

• Office 365, Outlook 2016 Retail, Outlook 2019 Retail
  Version 1908 (Build 11929.20300)
• Outlook 2019 Volume License
  Version 1808 (Build 10350.20019)
• Office 365 Semi Annual Channel
  Version 1902 (Build 11328.20420)
  Version 1808 (Build 10730.20380)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented fix.

• Assume that you create events outside the default time zone in Outlook. When you use Outlook Add-ins to retrieve the time and date programmatically, you find that the returned time and date is incorrect.

View: Download information for KB4475593

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4900.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

Security updates have been released for Exchange 2016 and Exchange 2019.

• CVE-2019-1233: Microsoft Exchange Denial of Service Vulnerability
  A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server. The security update addresses the vulnerability by correcting how Microsoft Exchange Server handles objects in memory.
• CVE-2019-1266: Microsoft Exchange Spoofing Vulnerability
  A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, an attacker could send a specially crafted email containing a malicious link to a user. An attacker could also use a chat client to social engineer a user into clicking the malicious link. However, in both examples the user must click the malicious link. The security update addresses the vulnerability by correcting how OWA validates web requests.

View: Description of the security update for Microsoft Exchange Server 2019 and Exchange Server 2016: September 10, 2019
Download: Security Update For Exchange Server 2016 CU13 (KB4515832)
Download: Security Update For Exchange Server 2016 CU13 (KB4515832)
Download: Security Update For Exchange Server 2019 CU1 (KB4515832)
Download: Security Update For Exchange Server 2019 CU2 (KB4515832)