HowTo-Outlook

Microsoft has released the September 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

It’s a bit of small release for Outlook this times as it only contains 2 documented fixes;

• We fixed an issue where the setting to control how Outlook opens previous items at start-up was missing from the Options window.
• We fixed an issue that caused Outlook to exit unexpectedly when searching a shared or delegated mailbox.

But we can always rely on the Excel Team to with something exciting in those cases. This time there is a nice new feature which definitely reduces some annoyances;

• Control your data conversions
  You’ve been asking for more control over how Excel automatically converts your data to specific formats. We delivered! You now have the ability to disable specific types of automatic data conversions; this way, you won’t need to worry about Excel converting your data to a format that you didn’t want and weren’t expecting.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2309 (Build 16827.20130).

The September security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 8 security updates for Excel (1), Outlook (1), Word (2), and Office (4). The details about the Outlook vulnerability can be found below;

• CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 4 non-security fixes related to Outlook Current Channel Version 2308, 8 fixes related to Outlook Monthly Enterprise Version 2307, 4 fixes related to Outlook Semi-Annual Version 2302, and 1 fix related to Outlook Semi-Annual Version 2208. Most notable fixes are;

• Version 2308
  • We fixed an issue where an out-of-memory error would appear when sending email after seeing the WaitOnSend dialog pop up.
  • We fixed an issue where the External Sender tag was not showing.
  • We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
  • We fixed an issue that caused Outlook to close unexpectedly in some search scenarios.
• Version 2307
  • We fixed an issue that caused the incorrect working hours to be displayed on shared-in calendars.
  • We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
  • We fixed an issue that caused users to receive errors about having too many Actionable Messages open more frequently than expected.
  • We fixed an issue where Outlook would prompt the user to save changes to a meeting when no changes were made.
• Version 2302
  • We fixed an issue that caused users to receive a Non-Delivery Report (NDR) when overriding the oversharing policy notification or reporting it as a false positive.
  • We fixed an issue that caused Outlook to fail to display PolicyTips in Outlook sessions that were launched with no internet connection.
  • We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
• Version 2302 and Version 2208
  • We fixed an issue that caused some users of Outlook to see a “Retrieving templates from server” dialog for a very long time when clicking on the “From” field in an email message.

Version 2308 has now also been released to the Semi-Annual Enterprise Channel (Preview) and contains 7 highlighted new features and over 37 fixes related to Outlook, which have been made available already to the Current release channel too. The new features are;

• Get relevant alerts with new Notifications pane
  Don’t let important information get buried in your inbox. The new Notifications pane in Outlook delivers notifications that are relevant to you in the context of your regular email. The pane gives you the ability to customize the types of notifications you wish to receive, including email and document @mentions, travel updates, deliveries, and more.
• Org Explorer
  Visualize and explore your company’s internal structure, work teams, and individual roles.
• Assign a sublabel as the default when a parent label is selected
  When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
• Accessibility Ribbon in Outlook for Windows
  The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
• We added a registry key that hides the “Try the new Outlook” toggle
  To learn more about the new Outlook for Windows, please click here. For additional information on managing mailbox access to the new Outlook for Windows, please click here.
  • Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
  • Value type: REG_DWORD
  • Value name: HideNewOutlookToggle
  • Possible values;
    • 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users
    • 1 – “Try the new Outlook” toggle is hidden
• Inheritance of attachment labels to email messages
  For email messages with attachments, apply a label that matches the highest classification of those attachments.
• Block emails with sensitive labels
  Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2308 (Build 16731.20234)
• Monthly Enterprise
  Version 2307 (Build 16626.20208)
  Version 2306 (Build 16529.20254)
• Semi-Annual Enterprise (Preview)
  Version 2308 (Build 16731.20234)
• Semi-Annual Enterprise
  Version 2302 (Build 16130.20766)
  Version 2208 (Build 15601.20772) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20565)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10402.20023)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002499

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5413.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

Security updates have been released for Exchange 2016 and Exchange 2019. There is no security update for Exchange 2013 as support ended on April 11, 2023.

The updates fix the following vulnerabilities;

• CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability
• CVE-2023-35368: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-35388: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36744: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-36757: Microsoft Exchange Spoofing Vulnerability
• CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
• CVE-2023-38181: Microsoft Exchange Server Spoofing Vulnerability
• CVE-2023-38182: Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2023-38185: Microsoft Exchange Server Remote Code Execution Vulnerability

None of the vulnerabilities are currently publicly disclosed nor exploited. However, 2 of them are rated as “Exploitation More Likely” so make sure you update as soon as possible!

Additionally, to properly address vulnerability CVE-2023-21709, you must run a script or an additional PowerShell command as discussed in the referenced article.

The updates also contain the following new feature and non-security issues;

• Enable support for AES256-CBC-encrypted content in Exchange Server August 2023 SU
• DST settings are inaccurate after an OS update
• Microsoft Exchange replication service repeatedly stops responding
• Chinese coded characters aren’t supported in Exchange Admin Center
• External email address field doesn’t display the correct username

View: Exchange Blog: Released: August 2023 Exchange Server Security Updates
View: Exchange Blog: September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates)
View: Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: August 15, 2023 (KB5030524) 

Download: Security Update V2 for Exchange 2019 CU12 and CU13
Download: Security Update V2 for Exchange 2016 CU23.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2023-36893: Microsoft Outlook Spoofing Vulnerability
  • This vulnerability is currently not publicly disclosed nor exploited.
  • Exploitation of the vulnerability requires that a user with an affected version of Outlook opens a malicious meeting or appointment invite from the attacker.
  • The Preview Pane is not an attack vector.
  • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002449

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5579.1000.

Cumulative Update 13 for Exchange 2019 is now available. With the new release model, it is officially called; The 2023 H1 Cumulative Update (CU) for Exchange Server 2019.

Exchange 2019 CU13 includes the following major changes;

• Enable Modern Auth for pure On-Premises Exchange users
  Support for OAuth 2.0 (also known as Modern authentication) for pure on-premises environments that use Active Directory Federated Services (AD FS) as a security token service (STS).
  To use this feature, you must be using Microsoft Outlook or any other client that supports Modern authentication by using AD FS. Currently, this feature is available only for Outlook on Windows. However, support for modern authentication will be added to other Outlook clients in the future.
  For details see; Enable Modern Auth in Exchange Server on-premises.
• Configuration backup and restore
  Setup now backs up the most common configuration settings and then restores them to the state they were in before Setup was started. Starting with the 2023 H1 CU, Setup preserves about 70 different configuration settings across multiple files.
  For details see; Exchange Server custom configuration preservation

There are 28 additional fixes documented for this release. A few notable ones are;

• KB5026273: Outlook configuration fails in Android or iOS
• KB5026156: Outlook search fails in a shared On-Premises mailbox if the primary user mailbox is migrated to Exchange Online
• KB5026267: OWA stops responding in an Exchange 2019 and 2016 coexistence topology
• KB5026278: Mailbox migration fails after Extended Protection is enabled
• KB5026138: Users receive reminders although the meeting reminder is set to None
• KB5026139: You can’t move the public folder mailbox

This release does not include new updates to the Active Directory Schema for Exchange 2019.

The next planned Cumulative Update for Exchange 2019 is in September 2023.

Exchange 2019: CU13 KB5020999 – Download
View: Blog post of the Exchange Team about CU13 for Exchange Server 2019

Note: Exchange 2016 has reached its Extended Support phase and CU23 was the last CU for it. This means that from now on, it will only receive Security Updates.