HowTo-Outlook

Microsoft has released the October 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This time there are 1 new feature and 6 documented fixes.

• Teams Meeting Apps now work in Outlook too
  Now, you can configure a meeting app while scheduling an invite in Outlook. This meeting app will be ready to use when you chat or join the meeting on Teams.
• We fixed an issue where Microsoft account users were missing their Outlook Add-ins.
• We fixed an issue where the setting to control how Outlook opens previous items at start-up was missing from the Options window.
• We fixed an issue where Outlook would close unexpectedly when a user clicked “Cancel” in the Wait on Send dialog if the message had attachments.
• We fixed an issue where the Louder Labels sensitivity menu was not visible in the ribbon for users in the Semi-Annual Channel.
• We fixed an issue that caused a meeting update to be sent to all attendees when clicking on “cancel” in the “Send Update to Attendees” dialog.
• We fixed an issue where tracking responses from rooms was inconsistent when adding a second room from suggestions.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2310 (Build 16924.20106).

The October security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 2 security updates and both are for shared Office components.

In addition, it contains 1 non-security fix related to Outlook Current Channel Version 2309, 7 fixes related to Outlook Monthly Enterprise Version 2308, and 3 fixes related to Outlook Semi-Annual Version 2302.

• Version 2309
• We fixed an issue where Microsoft account users were missing their Outlook add-ins.
• Version 2308
• We fixed an issue that caused the incorrect workdays to be displayed on shared-in calendars.
• We fixed an issue where the External Sender tag was not showing.
• We fixed an issue that caused Outlook to exit unexpectedly when inserting a Loop component into a meeting.
• We fixed an issue that caused Outlook to close unexpectedly in some search scenarios.
• We fixed an issue that caused Outlook to exit unexpectedly when users executed a search with the “All Mailboxes” scope.
• We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
• We fixed an issue where an out-of-memory error would appear when sending email after seeing the WaitOnSend dialog pop up.
• Version 2302
• We fixed an issue where the Louder Labels sensitivity menu was not visible in the ribbon for users in the Semi-Annual Channel.
• We fixed an issue where the Microsoft To Do app failed to load for some customers.
• We fixed an issue that caused Outlook to exit unexpectedly when inserting a Loop component into a meeting request, as well as other meeting body issues.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2309 (Build 16827.20166)
• Monthly Enterprise
  Version 2308 (Build 16731.20316)
  Version 2307 (Build 16626.20222)
• Semi-Annual Enterprise (Preview)
  Version 2308 (Build 16731.20316)
• Semi-Annual Enterprise
  Version 2302 (Build 16130.20810)
  Version 2208 (Build 15601.20796) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20582)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10403.20013)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Security updates have been released for Exchange 2016 and Exchange 2019.

The updates fix the following vulnerabilities;

• CVE-2023-36778: Microsoft Exchange Server Remote Code Execution Vulnerability

None of the vulnerabilities are currently publicly disclosed nor exploited. However, it is rated as “Exploitation More Likely”, so make sure you update as soon as possible!

The updates also contain the following new feature and non-security issues;

• Extended Protection causes Outlook for Mac not to update the OAB
• Details Templates Editor fails and returns BlockedDeserializeTypeException
• Users in account forest can’t change expired password in OWA in multi-forest Exchange deployments after installing August 2023 SU

Additionally, there is an new update released by the Windows Team which contains a better solution to address CVE-2023-21709 from last August. This is better known as the IIS Token Cache issue where you had to apply the update and disable the Token Cache module. This has now been addressed via CVE-2023-36434. For more info, see the Exchange blog post referenced below.

View: Exchange Blog: Released: October 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 (KB5030877)

Download: Security Update V2 for Exchange 2019 CU12 and CU13
Download: Security Update V2 for Exchange 2016 CU23.

Microsoft has released the September 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

It’s a bit of small release for Outlook this times as it only contains 2 documented fixes;

• We fixed an issue where the setting to control how Outlook opens previous items at start-up was missing from the Options window.
• We fixed an issue that caused Outlook to exit unexpectedly when searching a shared or delegated mailbox.

But we can always rely on the Excel Team to with something exciting in those cases. This time there is a nice new feature which definitely reduces some annoyances;

• Control your data conversions
  You’ve been asking for more control over how Excel automatically converts your data to specific formats. We delivered! You now have the ability to disable specific types of automatic data conversions; this way, you won’t need to worry about Excel converting your data to a format that you didn’t want and weren’t expecting.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2309 (Build 16827.20130).

The September security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 8 security updates for Excel (1), Outlook (1), Word (2), and Office (4). The details about the Outlook vulnerability can be found below;

• CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 4 non-security fixes related to Outlook Current Channel Version 2308, 8 fixes related to Outlook Monthly Enterprise Version 2307, 4 fixes related to Outlook Semi-Annual Version 2302, and 1 fix related to Outlook Semi-Annual Version 2208. Most notable fixes are;

• Version 2308
  • We fixed an issue where an out-of-memory error would appear when sending email after seeing the WaitOnSend dialog pop up.
  • We fixed an issue where the External Sender tag was not showing.
  • We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
  • We fixed an issue that caused Outlook to close unexpectedly in some search scenarios.
• Version 2307
  • We fixed an issue that caused the incorrect working hours to be displayed on shared-in calendars.
  • We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
  • We fixed an issue that caused users to receive errors about having too many Actionable Messages open more frequently than expected.
  • We fixed an issue where Outlook would prompt the user to save changes to a meeting when no changes were made.
• Version 2302
  • We fixed an issue that caused users to receive a Non-Delivery Report (NDR) when overriding the oversharing policy notification or reporting it as a false positive.
  • We fixed an issue that caused Outlook to fail to display PolicyTips in Outlook sessions that were launched with no internet connection.
  • We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
• Version 2302 and Version 2208
  • We fixed an issue that caused some users of Outlook to see a “Retrieving templates from server” dialog for a very long time when clicking on the “From” field in an email message.

Version 2308 has now also been released to the Semi-Annual Enterprise Channel (Preview) and contains 7 highlighted new features and over 37 fixes related to Outlook, which have been made available already to the Current release channel too. The new features are;

• Get relevant alerts with new Notifications pane
  Don’t let important information get buried in your inbox. The new Notifications pane in Outlook delivers notifications that are relevant to you in the context of your regular email. The pane gives you the ability to customize the types of notifications you wish to receive, including email and document @mentions, travel updates, deliveries, and more.
• Org Explorer
  Visualize and explore your company’s internal structure, work teams, and individual roles.
• Assign a sublabel as the default when a parent label is selected
  When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
• Accessibility Ribbon in Outlook for Windows
  The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
• We added a registry key that hides the “Try the new Outlook” toggle
  To learn more about the new Outlook for Windows, please click here. For additional information on managing mailbox access to the new Outlook for Windows, please click here.
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
  • Value type: REG_DWORD
  • Value name: HideNewOutlookToggle
  • Possible values;
    • 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users
    • 1 – “Try the new Outlook” toggle is hidden
• Inheritance of attachment labels to email messages
  For email messages with attachments, apply a label that matches the highest classification of those attachments.
• Block emails with sensitive labels
  Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2308 (Build 16731.20234)
• Monthly Enterprise
  Version 2307 (Build 16626.20208)
  Version 2306 (Build 16529.20254)
• Semi-Annual Enterprise (Preview)
  Version 2308 (Build 16731.20234)
• Semi-Annual Enterprise
  Version 2302 (Build 16130.20766)
  Version 2208 (Build 15601.20772) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20565)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10402.20023)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002499

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5413.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Microsoft has released the July 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This time there are 1 new feature and 4 documented fixes.

• Updated encryption for Microsoft Purview Information Protection
  Advanced Encryption Standard (AES) with 256-bit key length in Cipher Block Chaining mode (AES256-CBC) is now the default Microsoft Purview Information Protection encryption mechanism for Microsoft 365 Apps documents and emails.
• We fixed an error that users were hitting when they tried to override a Policy Tip detection or to report it as a false positive.
• We fixed an issue that caused Outlook to exit unexpectedly when users executed a search with the “All Mailboxes” scope.
• We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
• We fixed an issue that caused the incorrect workdays to be displayed on shared-in calendars.

Excel also got a very useful new shortcut worth sharing;

• Paste values directly into your workbook using a keyboard shortcut
  The keyboard shortcut CTRL+SHIFT+V lets you quickly Paste Values rather than having to choose Paste Values from the menu.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2308 (Build 16731.20170).

The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 9 security updates for Excel (2), Outlook (1), Visio (3), and Office (3). The details about the Outlook vulnerability can be found below;

• CVE-2023-36893: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user with an affected version of Outlook opens a malicious meeting or appointment invite from the attacker.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 3 non-security fixes related to Outlook Current Channel Version 2307, and 1 new feature and 2 fixes related to Outlook Monthly Enterprise Version 2306.

• Version 2307
• We fixed an issue that caused Outlook to fail to show Top Search Results in some views.
• We fixed an issue where Microsoft 365 links failed to launch properly.
• We fixed an issue that caused users to receive errors about having too many Actionable Messages open more frequently than expected.
• Version 2306
• Accessibility Ribbon in Outlook for Windows
  The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
• We fixed an issue that caused users to get prompted to save changes to an unmodified email message.
• We fixed an issue where the Me control showed the wrong display name in Office apps.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2307 (Build 16626.20170)
• Monthly Enterprise
  Version 2306 (Build 16529.20226)
  Version 2305 (Build 16501.20286)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20714)
• Semi-Annual Enterprise
  Version 2302 (Build 16130.20714)
  Version 2208 (Build 15601.20742)
  Version 2202 (Build 14931.21078) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20546)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10401.20025)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Security updates have been released for Exchange 2016 and Exchange 2019. There is no security update for Exchange 2013 as support ended on April 11, 2023.

The updates fix the following vulnerabilities;

• CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability
• CVE-2023-35368: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-35388: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36744: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36757: Microsoft Exchange Spoofing Vulnerability
• CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
• CVE-2023-38181: Microsoft Exchange Server Spoofing Vulnerability
• CVE-2023-38182: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-38185: Microsoft Exchange Server Remote Code Execution Vulnerability

None of the vulnerabilities are currently publicly disclosed nor exploited. However, 2 of them are rated as “Exploitation More Likely” so make sure you update as soon as possible!

Additionally, to properly address vulnerability CVE-2023-21709, you must run a script or an additional PowerShell command as discussed in the referenced article.

The updates also contain the following new feature and non-security issues;

• Enable support for AES256-CBC-encrypted content in Exchange Server August 2023 SU
• DST settings are inaccurate after an OS update
• Microsoft Exchange replication service repeatedly stops responding
• Chinese coded characters aren’t supported in Exchange Admin Center
• External email address field doesn’t display the correct username

View: Exchange Blog: Released: August 2023 Exchange Server Security Updates
View: Exchange Blog: September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates)
View: Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: August 15, 2023 (KB5030524) 

Download: Security Update V2 for Exchange 2019 CU12 and CU13
Download: Security Update V2 for Exchange 2016 CU23.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2023-36893: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user with an affected version of Outlook opens a malicious meeting or appointment invite from the attacker.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002459

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5408.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.