HowTo-Outlook

Microsoft has released the July 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

It’s a bit of an uneventful release as there are only 2 documented fixes this time and no new features.

• We fixed an issue where opening links in Edge would cause the side pane to not be visible.
• We fixed an issue where Outlook would prompt the user to save changes to a meeting when no changes were made.

Excel did get an interesting new feature though;

• Performance improvement related to fonts
  If you do not use printer fonts or have not heard of printer fonts, unchecking the setting in File-> Options-> Advanced-> “Include fonts that are stored on the printer” can help speed up font related operations such as choosing a font from font drop down, or formatting a cell by bolding/italicizing a cell’s font, etc.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2307 (Build 16626.20132).

The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 10 security updates for Excel (3), Outlook (2), and Office (5). The details about the Outlook vulnerabilities can be found below;

• CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
  • The Exploitability Assessment is rated: Exploitation Less Likely.
• CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
  • This vulnerability is currently not publicly disclosed but it is being exploited already.
  • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
  • The Exploitability Assessment is rated: Exploitation Detected.

In addition, it contains 1 new feature and 3 non-security fixes related to Outlook Monthly Enterprise Version 2305.

• Block emails with sensitive labels
  Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.
• We fixed an issue where the application would close unexpectedly when searching using dates.
• We fixed an issue that caused users to see the error, “We cannot render Actionable Messages right now” when reading some email messages.
• We fixed an issue where doing a mail merge would display the error, “Microsoft Word is required to run the Mail Merge Wizard”.

Version 2302 has now also been released to the Semi-Annual Enterprise Channel and contains 1 highlighted new features and 25 fixes which have been made available already to the other release channels. The new feature and some notable fixes are;

• Improved Calendar Search
  Improvements have been made to Calendar search, largest of which is the ability to more easily find the next occurrence of a series in search results.
• We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
• We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
• We fixed an issue where some settings did not roam between machines when switching to Focused Inbox.
• We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2306 (Build 16529.20182)
• Monthly Enterprise
  Version 2305 (Build 16501.20242)
  Version 2304 (Build 16327.20348)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20644)
• Semi-Annual Enterprise
  Version 2302 (Build 16130.20644)
  Version 2208 (Build 15601.20706)
  Version 2202 (Build 14931.21040) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20529)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10400.20007)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerabilities;

• CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
  • The Exploitability Assessment is rated: Exploitation Less Likely.
• CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
• This vulnerability is currently not publicly disclosed but it is being exploited already.
• Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
• The Exploitability Assessment is rated: Exploitation Detected.

View: Download information for KB5002427

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5404.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerabilities;

• CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
  • The Exploitability Assessment is rated: Exploitation Less Likely.
• CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
• This vulnerability is currently not publicly disclosed but it is being exploited already.
• Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
• The Exploitability Assessment is rated: Exploitation Detected.

View: Download information for KB5002432

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5571.1000.

Microsoft released the June 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This time there are 1 new feature and 2 documented fixes.

• Block emails with sensitive labels
  Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.
• We fixed an issue where the Me control showed the wrong display name in Office apps.
• We fixed an issue where doing a mail merge would display the error, “Microsoft Word is required to run the Mail Merge Wizard”.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2306 (Build 16529.20154).

The June security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 5 security updates for Excel (3), and Office (2).

In addition, it contains 1 new feature and 7 non-security fixes for Monthly Enterprise Version 2304, 2 fixes for Monthly Enterprise Version 2303, and 4 fixes for Semi-Annual (Preview) Version 2302.

• Version 2304
• Sensitivity Label scoping between files, emails and meetings
  Office applications can now filter out sensitivity labels based on the document type. For example, Outlook email will no longer show labels that only apply to Word, Excel, and PowerPoint documents.
• We fixed an issue where the “From” field and Signatures were not working while using Google Workspace Sync for Microsoft Outlook.
• We fixed an issue where the links associated with known issues were not shown to customers who were using the Contact Support feature.
• We fixed an issue where Outlook would close unexpectedly when Microsoft 365 apps in the Navigation Pane were closed.
• We fixed an issue where some users may be unable to view or access group email messages and calendars in the Outlook desktop client.
• We fixed an issue with the sensitivity label not being applied to protected messages.
• We fixed an issue that caused users of the Event-Based feature to be unable to utilize some of the new APIs included in Mailbox Requirement Set 1.13.
• Version 2304, 2303 and 2302
• We fixed an issue where drafting a new email and @mentioning an Outlook contact group (a contact group that is created locally) in the email body wouldn’t add the contact group to the ‘To’ field.
• Version 2303 and 2303
• We fixed an issue where users couldn’t see the sensitivity label applied to an email on louder label anchor when the label wasn’t included in their label policy.
• Version 2302
• We fixed an issue where Outlook would close unexpectedly when forwarding a large email with an SVG file if “Spell check before sending” was enabled.
• We fixed an issue where the Organization tab of people cards was stuck in a “Loading” state indefinitely.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2305 (Build 16501.20210)
• Monthly Enterprise
  Version 2304 (Build 16327.20324)
  Version 2303 (Build 16227.20354)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20580)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20680)
  Version 2202 (Build 14931.21024) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20517)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10399.20000)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Security updates have been released for Exchange 2016 and Exchange 2019. There is no security update for Exchange 2013 as support ended on April 11, 2023.

The updates fix the following vulnerabilities;

• CVE-2023-28310: Remote Code Execution Vulnerability
• CVE-2023-32031: Remote Code Execution Vulnerability

Both vulnerabilities aren’t currently publicly disclosed nor exploited. However, they are rated as “Exploitation More Likely” so make sure you update as soon as possible!

The updates also contain the following non-security issues;

• Failure in Public Folder Quota email notifications (Exchange 2019 only
• Extended Protection doesn’t support Public Folder Client Permission Management through Outlook
• Microsoft Exchange Replication service crashes on host server
• Store Worker process crashes and returns “System.NullReferenceExceptions” multiple times per day
• Exchange won’t uninstall after the January Security Update (KB5022143) is applied

View: Exchange Blog: Released: June 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019: June 13, 2023 (KB5026261)
View: Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 (KB5025903)

Download: Security Update for Exchange 2019 CU12 and CU13
Download: Security Update for Exchange 2016 CU23.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2023-33131: Microsoft Outlook Remote Code Execution Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user opens a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002387

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5395.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2023-33131: Microsoft Outlook Remote Code Execution Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user opens a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002382

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5537.1000.

With a small delay, Microsoft released the May 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 1 new feature and 4 documented fixes.

• Accessibility Ribbon in Outlook for Windows
  The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
• We fixed an issue that caused users to see the error, “We cannot render Actionable Messages right now” when reading some email messages.
• We fixed an issue where Outlook would close unexpectedly when Microsoft 365 apps in the Navigation Pane were closed.
• We fixed an issue where the application would close unexpectedly when searching using dates.
• We fixed an issue where the links associated with known issues were not shown to customers who were using the Contact Support feature.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2305 (Build 16501.20196).