Executing PowerShell Scripts FAQ and Tips & Tricks

PowerShell Script buttonThere are several guides containing PowerShell scripts on HowTo-Outlook.com. PowerShell is a powerful scripting language which can be used by many applications including Outlook and Exchange. For end-user usage, it can be seen as the successor of vbs and batch scripts.

PowerShell scripts are easy to use but there are a couple of things to be aware of, especially when it is the first time you use such scripts.

This guide contains frequently asked questions regarding the use of PowerShell scripts and some additional tips and tricks to get you started.

Continue reading: Executing PowerShell Scripts FAQ and Tips & Tricks


 


Outlook 2016 / 2019 / 365 Update for August 2019

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 6 security updates for Outlook (3), Word (2) and Office (1). Details about the Outlook vulnerabilities;

  • CVE-2019-1199: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. Note that the Preview Pane is an attack vector for this vulnerability
  • CVE-2019-1200: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. Note that the Preview Pane is not an attack vector for this vulnerability.
  • CVE-2019-1204: Microsoft Outlook Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1907 (Build 11901.20218)
  • Outlook 2019 Volume License
    Version 1808 (Build 10349.20017)
  • Office 365 Semi Annual Channel
    Version 1902 (Build 11328.20392)
    Version 1808 (Build 10730.20370)
    Version 1803 (Build 9126.2432)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.


      Outlook 2016 Security Update for August 2019

      News

      A Security Update has been released for Outlook 2016. It resolves the following 2 vulnerabilities and includes 6 additional non-security improvements or fixes;

      • CVE-2019-1200: Microsoft Outlook Remote Code Execution Vulnerability
        A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. Note that the Preview Pane is not an attack vector for this vulnerability.
      • CVE-2019-1204: Microsoft Outlook Elevation of Privilege Vulnerability
        An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email.
      • Improved translations for all language versions of Outlook 2016.
      • Fix: In certain circumstances, such as switching folders or clearing search results, you see a black rectangle instead of the message list scroll bar.
      • Fix: The Notes and Message fields in some Outlook Items that are created by migration tools may not be editable.
      • Fix: The first time that you switch to Calendar view after you log in to Outlook, the primary calendar is not selected by default. Instead, a shared calendar is selected.
      • Fix: When you save a single attachment by using the context menu, users are not notified if the operations fails.
      • Fix: If a user sends an email message that contains combined languages in the Subject line, and a recipient sends a read receipt to the message, the original sender may see broken text in the Subject line of the read receipt. This update adds the ReadReceiptSubjectUseEnglish registry key to force the Subject line of a read receipt to be in English. To fix this issue, set the following registry key in Group Policy to fix this issue for all users:
        • Location: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Preferences
        • Name: ReadReceiptSubjectUseEnglish
        • Type: DWORD
        • Value data: 1

      View: Download information for KB4475553

      Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4888.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


      Sperry Software
      Use "BH93RF24" to get a discount when ordering!

      Outlook 2013 Security Update for August 2019

      News

      A Security Update has been released for Outlook 2013. It resolves the following 2 vulnerabilities and includes 2 additional non-security improvements or fixes;

      • CVE-2019-1200: Microsoft Outlook Remote Code Execution Vulnerability
        A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. Note that the Preview Pane is not an attack vector for this vulnerability.
      • CVE-2019-1204: Microsoft Outlook Elevation of Privilege Vulnerability
        An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email.
      • Improved translations for all language versions of Outlook 2013.
      • Fix: The Notes and Message fields in some Outlook Items that are created by migration tools may not be editable.

      View: Download information for KB4475563

      Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5163.1000.


      Outlook 2010 Security Update for August 2019

      News

      A Security Update has been released for Outlook 2010. It resolves the following 2 vulnerabilities and includes 1 additional non-security fix;

      • CVE-2019-1200: Microsoft Outlook Remote Code Execution Vulnerability
        A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. Note that the Preview Pane is not an attack vector for this vulnerability.
      • CVE-2019-1204: Microsoft Outlook Elevation of Privilege Vulnerability
        An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email.
      • Fix: The Notes and Message fields in some Outlook Items that are created by migration tools may not be editable.

      View: Download information for KB4475573

      Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7236.5000.


      Outlook for Office 365 Feature Update for July 2019

      News

      The July feature update of Outlook for Office 365 (Monthly Channel) is now available and it comes with one major change for Outlook.

      • Get email suggestions when you search for a person
        When you type a person’s name in the Search box, the most relevant email messages will be included with your search suggestions.

      Word, Excel and PowerPoint also a got a couple of new features. The one that I’m quite happy about and which applies to all 3 applications is;

      • No more bouncing to the browser
        You decide how links to Office documents open: in the browser or in the app.
        Files-> Options-> Advanced-> Open supported hyperlinks to Office files in Office desktop apps

      Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1907 (Build 11901.20176).


      Exchange 2019, 2016, 2013 and 2010 Security Updates for July 2019

      News

      Security updates have been released for Exchange 2010, Exchange 2013, Exchange 2016 and Exchange 2019.

      • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
        An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
      • CVE-2019-1136: Microsoft Exchange Server Elevation of Privilege Vulnerability (Exchange 2010/2013/2016)
        An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user. To address this vulnerability, Microsoft has changed the way EWS handles NTLM tokens.
      • CVE-2019-1137: Microsoft Exchange Server Spoofing Vulnerability (Exchange 2013/2016/2019)
        A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the Exchange server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Exchange Server properly sanitizes web requests.

      View: Description of the security update for Microsoft Exchange Server 2010: July 9, 2019
      View: Description of the security update for Microsoft Exchange Server 2013 and 2016: July 9, 2019
      View: Description of the security update for Microsoft Exchange Server 2019: July 9, 2019
      Download: Update Rollup 29 For Exchange 2010 SP3 (KB4509410)
      Download: Security Update For Exchange Server 2013 CU23 (KB4509409)
      Download: Security Update For Exchange Server 2016 CU12 (KB4509409)
      Download: Security Update For Exchange Server 2016 CU13 (KB4509409)
      Download: Security Update For Exchange Server 2019 CU1 (KB4509408)
      Download: Security Update For Exchange Server 2019 CU2 (KB4509408)


      Exchange 2019 CU2

      News

      Cumulative Update 2 for Exchange 2019 is now available. It contains 1 new documented security updates and 16 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

      Notable improvements, changes and fixes are;

      • Decreasing Exchange Rights in the Active Directory
        There is now a Deny ACE on the DNS Admins group and the ability for Exchange to assign Service Principal Names (SPN’s) has been removed.
      • Support for .NET Framework 4.8
        The minimum .NET requirement remains 4.7.2 and .NET 4.8 will required with the December 2019 update.
      • Controlled Connections to Public Folders in Outlook
        Admins have control over which users will see public folders in their Outlook clients.
      • Authentication Policies Update
        You can define a default authentication policy at Organization level to disable legacy authentication protocols.
      • KB4503027 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU1 as well.
      • KB4488396: Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
      • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2019 hybrid environment.

      Additionally, the Exchange Team announced that they will not make any investments into support of Modern Authentication in on-premises Exchange without a hybrid deployment.

      This release includes no new updates to the Active Directory Schema.
      The next planned quarterly update is in September 2019.

      Download: Cumulative Update 2 for Exchange Server 2019 (KB4488401) (from MVLC)
      View: Description of Cumulative Update 2 for Exchange Server 2019
      View: Blog post of the Exchange Team about CU2 for Exchange Server 2019


      Exchange 2016 CU13

      News

      Cumulative Update 12 for Exchange 2016 is now available. It contains 1 new documented security updates and 14 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

      Notable improvements, changes and fixes are;

      • Decreasing Exchange Rights in the Active Directory
        There is now a Deny ACE on the DNS Admins group and the ability for Exchange to assign Service Principal Names (SPN’s) has been removed.
      • Support for .NET Framework 4.8
        The minimum .NET requirement remains 4.7.2 and .NET 4.8 will required with the December 2019 update.
      • Controlled Connections to Public Folders in Outlook
        Admins have control over which users will see public folders in their Outlook clients.
      • KB4503027 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU13 as well.
      • KB4488396: Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
      • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2016 hybrid environment

      This release includes no new updates to the Active Directory Schema.
      The next planned quarterly update is in September 2019. 

      Download: Cumulative Update 13 for Exchange Server 2016 (KB4488406)
      Download: Exchange Server 2016 CU13 UM Language Packs
      View: Description of Cumulative Update 13 for Exchange Server 2016
      View: Blog post of the Exchange Team about CU13 for Exchange Server 2016


      Exchange 2013 CU23

      News

      Cumulative Update 23 for Exchange 2013 is now available. It contains 1 documented security update and 1 additional documented new fix or improvement, as well as all previously released fixes and security updates for Exchange 2013 and the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

      • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2013 hybrid environment
      • KB4503028 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU22 as well.

      This release includes no new updates to the Active Directory Schema.

      Download: Cumulative Update 23 for Exchange Server 2013 (KB4489622)
      Download: Exchange Server 2013 CU23 UM Language Packs
      View: Description of Cumulative Update 23 for Exchange Server 2013
      View: Blog post of the Exchange Team about CU23 for Exchange Server 2013


      Importing eml-files into Outlook

      Import EML buttonIf you’ve ever used Outlook Express, Windows (Live) Mail, Thunderbird, Lotus/IBM Notes or basically any mail client other then Outlook, chances are that you have some eml-files stored somewhere as well.

      While Outlook does support opening eml-files, it doesn’t offer a way to import them into Outlook.

      This guides contains instructions and 2 scripts to import eml-files into an Outlook folder of your choice.

      Continue reading: Importing eml-files into Outlook


      First look at the new Outlook for Windows interface with a simplified Ribbon

      News

      Microsoft has released a blog post and a video in which it explains and shows off the design changes that will be coming to Office.com and Office 365.

      One of the major visible changes is the new simplified Ribbon. Instead of having a large button or up to 3 smaller buttons on top of each other, the updated Ribbon contains only 1 line of command icons on each of the Ribbon tabs.

      Preview of the new single line command bar in Outlook.
      Preview of the new single line command bar in Outlook. (captured from the video linked below)

      This redesign allows for a cleaner interface with the commands which matter the most and with more vertical screen space left for the actual content that you are working on.

      There will also be an option to expand the Ribbon to return the “classic” three-line layout in case you don’t like the change, want to decide for yourself when you are ready to change or when you simply want to dedicate more screen space to the available commands.

      Microsoft will start rolling out this new experience in Outlook for Desktop to a select amount of Insiders in July.

      View: Power and simplicity – updates to the Office 365 user experience
      View: Updates to the Microsoft Office user experience (video)


      7 Tips to prevent your Calendar from crashing or becoming out-of-sync

      For many, the Calendar in Outlook is a crucial part of their day and for future planning. To make sure you can rely on it, there are a couple of do’s and don’ts.

      Especially when it comes to the handling of meeting requests, or when having delegates assigned to your Calendar, or when you are a delegate yourself, there are a couple of important things to be aware of.

      Failing to do so, could cause your Calendar to become out-of-sync or produce corruptions which can cause Outlook to crash whenever you try to do anything with your Calendar.

      Continue reading: 7 Tips to prevent your Calendar from crashing or becoming out-of-sync


      Color Code your Emails, Calendar, Contacts or Tasks automatically with Conditional Formatting

      Conditional Formatting buttonThe Conditional Formatting feature in Outlook allows you to get organized by automatically color coding your Emails, Calendar items, Contacts and Tasks without the need to apply a Color Category to it or move them to different folders.

      The color coding isn’t just intended to emphasize certain emails but it can also be used to deemphasize certain emails such as newsletters or emails you are only a CC or BCC recipient of.

      You may actually already know Conditional Formatting without realizing it as it is for instance also being used to:

      • Show unread emails in a blue and bold font.
      • Show expired emails and completed tasks in a grey and strikethrough font.
      • Show overdue emails and tasks in a red font.

      The “Conditional Formatting” feature may look complex at first but creating color coding rules is actually fairly easy and quite powerful when used the right way.

      This guide will help you on your way to get yourself familiar with the Conditional Formatting options with 8 color coding examples which might be useful to you as well.

      Conditional Formatting usage in the Message List.
      Conditional Formatting usage in the Message List.

      Continue reading: Color Code your Emails, Calendar, Contacts or Tasks automatically with Conditional Formatting


      Imported IMAP folders are not visible or don’t show any content

      IMAP Folders buttonWhen you’ve exported your IMAP mailbox or specific folders to a pst-file which you then later open in Outlook or import into an Exchange or Outlook.com mailbox, you may be shocked to see that these folders don’t contain anything.

      Additionally, when you configure this mailbox on a smartphone or tablet as an Exchange ActiveSync account, these folders may not show at all.

      Luckily, this can be fixed without any data loss but the process to do so via MFCMAPI is not for the faint of heart or when you have many folder to fix.

      Therefor, this guide also contains a script which you can run to apply the fix for you. You can either fix a single folder, a folder and its subfolders or your entire mailbox at once.

      Continue reading: Imported IMAP folders are not visible or don’t show any content


      Downloading Outlook 2013 from Office 365 after March 1, 2017

      Download Office buttonSupport for the Office 2013 versions of Office 365 has ended and are no longer being offered for download in the download sections of Office 365 Home and Office 365 for Business.

      If you still have it installed, you will receive Security Updates until April 10, 2023.

      Upgrading to Office 2016 is highly recommended and also already part of your Office 365 subscription. However, common reasons why you might still need Office/Outlook 2013 are;

      When you still need to (re-)install Office 2013 as part of Office 365 for whatever reason, you can still download it by using a direct link or by using the Office 2013 Deployment Tool.

      Continue reading: Downloading Outlook 2013 from Office 365 after March 1, 2017


      Autodiscover: Some quick methods to get it working

      Autodiscover.xml buttonThe Autodiscover service is a required service for Outlook-Exchange connectivity since Outlook 2007 and Exchange 2007 but for whatever reason, in some Exchange environments this still hasn’t been implemented correctly.

      In some part, this was due to the fact that you could still get basic Outlook-Exchange connectivity by using some legacy Exchange 2003 RPC over HTTP dialog in Outlook. This (unsupported) method now no longer works in Outlook 2016 due to the removal of this legacy dialog since Outlook doesn’t support Exchange 2003 anymore since Outlook 2013.

      Unfortunately, this leaves enthusiastic Outlook 2016 users disconnected when Autodiscover hasn’t been provisioned correctly by your company.

      This guide contains some reasonably quick and easy and some less elegant methods for end-users but also for Exchange administrators to get your Outlook connected to Exchange again. All discussed solutions are fully supported configurations by Microsoft and do not require any changes to Exchange or the need for a new SSL Certificate.

      Continue reading: Autodiscover: Some quick methods to get it working


      New and Changed in Outlook 2016

      Outlook 2016 buttonUpgrading to Outlook 2016 from Outlook 2013 is easy and you’d probably need very little time to adjust yourself to it. In fact, if it wasn’t for the new default “colorful” theme, you’d hardly notice the upgrade to Outlook 2016 at first sight.

      This is actually part of the Office 365 strategy where major new features are also introduced during the main lifetime of the current version, as we saw with Office 2013. In the old strategy, these features were held back for the new version. Office 2016 will get the same treatment so future updates can introduce new features as well.

      Until then, there are still plenty of new features in Outlook 2016 to use and discover.

      Continue reading: New and Changed in Outlook 2016


      Upgrading to Outlook 2016

      Outlook 2016 iconPlanning to upgrade to Outlook 2016? This guide contains a lot of preparation and other information to get yourself ready to ensure a smooth transition

      Aside from the preparation steps, this guide informs you about what to expect when you start Outlook 2016 for the first time after you upgraded and how to troubleshoot several issues you may encounter during or after the installation.

      Continue reading: Upgrading to Outlook 2016


      Windows 10 (May 2019 Update or earlier) and Outlook

      Windows 10 buttonThinking about upgrading your computer to Windows 10 or are you using Outlook on a Windows 10 computer already and are being offered a major Windows 10 update?

      What should you be aware of when you heavily rely on Outlook?

      The upgrade process from Windows 7 and Windows 8 is actually quite streamlined and trouble free for most configurations. Things are even easier when applying a major update to Windows 10. However, for either upgrade, there are still a couple of attention points before you start.

      This guide contains not only upgrade preparation and troubleshooting steps but also various tips about the changes that you could encounter involving Outlook after upgrading to Windows 10.

      Continue reading: Windows 10 (May 2019 Update or earlier) and Outlook


      Outlook can’t connect to Gmail: Password incorrect

      Gmail buttonWhen configuring your Gmail account in Outlook (or other mail clients such as Thunderbird and Mail apps on (older) smartphones), you might run into continues password prompts or sync errors.

      This is because Google has turned off Basic Authentication by default for all new accounts and accounts which haven’t synced within the last 30 days and only lets you authenticate via the OAuth 2.0 standard.

      As a result, you’ll get Send/Receive errors (0x800CCC0E) and could get prompted for your Gmail password again in Outlook and the login will fail even when you supply the correct password.

      Continue reading: Outlook can’t connect to Gmail: Password incorrect


      Outlook 2016 / 2019 / 365 Update for July 2019

      News

      A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

      It contains 6 security updates for Excel (3), Outlook (1), Skype (1) and Office (1). Details about the Outlook vulnerability;

      • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
        An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

      In addition, an Outlook issue has been addressed that caused current folder search to intermittently fail.

      Based on your release channel, you’ll be updated to the following version;

      • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
        Version 1906 (Build 11727.20244)
      • Outlook 2019 Volume License
        Version 1808 (Build 10348.20020)
      • Office 365 Semi Annual Channel
        Version 1902 (Build 11328.20368)
        Version 1808 (Build 10730.20360)
        Version 1803 (Build 9126.2428)

      Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.


      Outlook 2016 Security Update for July 2019

      News

      A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

      • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
        An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

      Additionally, the holiday file (Outlook.HOL) has been updated to extend the date range to the year 2026 for many events. To update your holidays, you’ll have to remove the current ones from your Calendar and re-import them. For more info see; Holiday updates for the Outlook Calendar.

      There is also a fix for an issue where Categories that are set on items in a shared mailbox may not be synced to the server and other clients.

      View: Download information for KB4475517

      Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4873.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


      Outlook 2013 Security Update for July 2019

      News

      A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

      • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
        An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

      Additionally, the holiday file (Outlook.HOL) has been updated to extend the date range to the year 2026 for many events. To update your holidays, you’ll have to remove the current ones from your Calendar and re-import them. For more info see; Holiday updates for the Outlook Calendar.

      View: Download information for KB4464592

      Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5153.1000.


      Outlook 2010 Security Update for July 2019

      News

      A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

      • CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
        An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

      View: Download information for KB4475509

      Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7235.5000.