Outlook 2016 / 2019 / 365 Security Update for November 2018

News

A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following 6 vulnerabilities;

  • CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576
    Which could allow remote code execution via a specially crafted Office file.
  • CVE-2018-8582
    Which could allow remote code execution when importing a specially crafted rwz-file (rules export).
  • CVE-2018-8558 and CVE-2018-8579
    Which could lead to information disclosure as users could share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1810 (Build 11001.20108)
  • Outlook 2019 Volume License
    Version 1808 (Build 10338.20019)
  • Office 365 Semi Annual Channel
    Version 1803 (Build 9126-2315)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.


 


Outlook 2016 (MSI) Security Update for October 2018

News

A Security Update has been released for Outlook 2016. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

This update also contains additional fixes for 13 non-security issues. Most notable are;

  • When you switch between Mail and Calendar, Outlook 2016 crashes.
  • When you reply to or forward an internal email message, the email address is not displayed in the message body. Only the display name is displayed.
  • When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and UPN in a user’s Outlook profile file aren’t changed.
  • When you reply to an Information Rights Management (IRM)-protected email message, you receive the following error message:
    • The operation failed. The messaging interfaces have returned an unknown error. If the problem persists, restart Outlook. [OK].
  • This update allows you to hide the retention policy User Interface (UI). via the SuppressRetentionPolicyUI Registry key.
  • This update enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

View: Download information for KB4461506

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4756.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


    Outlook 2013 Security Update for November 2018

    News

    A Security Update has been released for Outlook 2013. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

    This update also contains additional fixes for 4 non-security issues.

    • When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and the UPN in a user’s Outlook profile file are not changed. 
    • You can’t switch between accounts on a custom form by using the Accounts button.
    • When running Outlook in online mode, “Cc” recipients may not appear in the email message.
    • This update also enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

    View: Download information for KB4461486

    Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5085.1000.


    MAPILab
    Use "4PM76A8" to get a discount when ordering!

    Outlook 2010 Security Update for November 2018

    News

    A Security Update has been released for Outlook 2010. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

    View: Download information for KB4461529

    Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7224.5000.


    Outlook for Office 365 Feature Update for October 2018

    News

    Outlook for Office 365 (Monthly Channel) got the following new features or major changes this month;

    • People suggestions in the Scheduling Assistant
      See recommendations for attendees to add when you schedule a meeting. No more switching back and forth between the Scheduling Assistant and the To line.
    • Reserving a room just got easier
      Look for a conference room using more than one room list – and switch lists without losing rooms you’ve selected.
    • Stop seeing reminders for past events
      You can set your calendar to automatically dismiss reminders for events after they’ve ended.

    Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1810 (Build 11001.20074).


    Exchange 2016 CU11

    News

    Cumulative Update 11 for Exchange 2016 is now available. It contains 21 documented new fixes or improvements, and all previously released fixes and security updates for Exchange 2016 as well as the latest DST updates.

    Notable improvements, changes and fixes are;

    • .NET Framework 4.7.2 is now supported.
    • VC++ 2012 runtime library is now required (in addition to the already required VC++ 2013 runtime library for the Mailbox role).
    • KB4456225: The image in a signature that’s created in Outlook on the web isn’t visible to external users in Exchange Server 2016
    • KB4456243: Hashed lines shown in scheduling assistant when Exchange Server 2016 tries to retrieve free/busy information across untrusted forests
    • KB4456259: Exchange Server 2016 user can’t access a shared calendar from Exchange Server 2013
    • KB4459847: Can’t send S/MIME encrypted mail or update the S/MIME control from Outlook on the web in Exchange Server 2016

    This release includes no new updates to the Active Directory Schema.
    The next planned quarterly update is in March 2019. 

    Download: Cumulative Update 11 for Exchange Server 2016 (KB4134118)
    Download: Exchange Server 2016 CU11 UM Language Packs
    View: Description of Cumulative Update 11 for Exchange Server 2016
    View: Blog post of the Exchange Team about CU11 for Exchange Server 2016


    Exchange 2013 and 2016 Security Updates for August 2018

    News

    Security updates have been released for Exchange 2013 and Exchange 2016. They contain updates for the following 2 security issues;

    View: Description of update KB4340731
    Download: Security Update For Exchange Server 2016 CU10 (KB4340731)
    Download: Security Update For Exchange Server 2016 CU9 (KB4340731)
    Download: Security Update For Exchange Server 2013 CU21 (KB4340731)
    Download: Security Update For Exchange Server 2013 CU20 (KB4340731)


    Exchange 2010 SP3 Rollup 23

    News

    Update Rollup 23 for Exchange 2010 Service Pack 3 is now available. It contains 1 documented new security updates and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

    • CVE-2018-8302: Microsoft Exchange Memory Corruption Vulnerability
      Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

    View: Description of Update Rollup 23 for Exchange Server 2010
    Download: Update Rollup 23 For Exchange 2010 SP3 (KB4340733)


    Exchange 2013 CU21

    News

    Cumulative Update 21 for Exchange 2013 is now available. It contains 10 documented new fixes or improvements, and all previously released fixes and security updates for Exchange 2013 as well as the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

    Notable improvements, changes and fixes are;

    • .NET Framework 4.7.1 is now required.
    • VC++ 2013 runtime library is now required.
    • KB4133604: User can’t log on to a POP/IMAP account by using NTLM authentication in Exchange Server 2013
    • KB4058473: An Office 365 primary mailbox user cannot be assigned full access permissions for an on-premises mailbox in Exchange Server
    • KB4294205: POP3 services intermittently stop in an Exchange Server 2013 environment

    This release includes no new updates to the Active Directory Schema.

    Download: Cumulative Update 21 for Exchange Server 2013 (KB4099855)
    Download: Exchange Server 2013 CU21 UM Language Packs
    View: Description of Cumulative Update 21 for Exchange Server 2013
    View: Blog post of the Exchange Team about CU21 for Exchange Server 2013


    First look at the new Outlook for Windows interface with a simplified Ribbon

    News

    Microsoft has released a blog post and a video in which it explains and shows off the design changes that will be coming to Office.com and Office 365.

    One of the major visible changes is the new simplified Ribbon. Instead of having a large button or up to 3 smaller buttons on top of each other, the updated Ribbon contains only 1 line of command icons on each of the Ribbon tabs.

    Preview of the new single line command bar in Outlook.
    Preview of the new single line command bar in Outlook. (captured from the video linked below)

    This redesign allows for a cleaner interface with the commands which matter the most and with more vertical screen space left for the actual content that you are working on.

    There will also be an option to expand the Ribbon to return the “classic” three-line layout in case you don’t like the change, want to decide for yourself when you are ready to change or when you simply want to dedicate more screen space to the available commands.

    Microsoft will start rolling out this new experience in Outlook for Desktop to a select amount of Insiders in July.

    View: Power and simplicity – updates to the Office 365 user experience
    View: Updates to the Microsoft Office user experience (video)


    7 Tips to prevent your Calendar from crashing or becoming out-of-sync

    For many, the Calendar in Outlook is a crucial part of their day and for future planning. To make sure you can rely on it, there are a couple of do’s and don’ts.

    Especially when it comes to the handling of meeting requests, or when having delegates assigned to your Calendar, or when you are a delegate yourself, there are a couple of important things to be aware of.

    Failing to do so, could cause your Calendar to become out-of-sync or produce corruptions which can cause Outlook to crash whenever you try to do anything with your Calendar.

    Continue reading: 7 Tips to prevent your Calendar from crashing or becoming out-of-sync


    Report Office Store Web Add-ins (apps) usage in your organization

    Office Store buttonDo you need an overview of which Outlook Store apps are being used in your Exchange organization or Office 365 tenant?

    Unfortunately, there is no direct way to report this but with a PowerShell one-liner and the Excel PivotTable and PivotChart feature, you can quickly create a nice looking report with an interactive table and chart.

    Continue reading: Report Office Store Web Add-ins (apps) usage in your organization


    Color Code your Emails, Calendar, Contacts or Tasks automatically with Conditional Formatting

    Conditional Formatting buttonThe Conditional Formatting feature in Outlook allows you to get organized by automatically color coding your Emails, Calendar items, Contacts and Tasks without the need to apply a Color Category to it or move them to different folders.

    The color coding isn’t just intended to emphasize certain emails but it can also be used to deemphasize certain emails such as newsletters or emails you are only a CC or BCC recipient of.

    You may actually already know Conditional Formatting without realizing it as it is for instance also being used to:

    • Show unread emails in a blue and bold font.
    • Show expired emails and completed tasks in a grey and strikethrough font.
    • Show overdue emails and tasks in a red font.

    The “Conditional Formatting” feature may look complex at first but creating color coding rules is actually fairly easy and quite powerful when used the right way.

    This guide will help you on your way to get yourself familiar with the Conditional Formatting options with 8 color coding examples which might be useful to you as well.

    Conditional Formatting usage in the Message List.
    Conditional Formatting usage in the Message List.

    Continue reading: Color Code your Emails, Calendar, Contacts or Tasks automatically with Conditional Formatting


    Office Cheat Sheets for Outlook

    The following downloads provide a quick overview of the basic functions in Outlook across all platforms.

    Outlook for Windows

    Outlook for Mac

    Outlook on the Web (OWA)

    Outlook for Android

    Outlook for iOS


    Imported IMAP folders are not visible or don’t show any content

    IMAP Folders buttonWhen you’ve exported your IMAP mailbox or specific folders to a pst-file which you then later open in Outlook or import into an Exchange or Outlook.com mailbox, you may be shocked to see that these folders don’t contain anything.

    Additionally, when you configure this mailbox on a smartphone or tablet as an Exchange ActiveSync account, these folders may not show at all.

    Luckily, this can be fixed without any data loss but the process to do so via MFCMAPI is not for the faint of heart or when you have many folder to fix.

    Therefor, this guide also contains a script which you can run to apply the fix for you. You can either fix a single folder, a folder and its subfolders or your entire mailbox at once.

    Continue reading: Imported IMAP folders are not visible or don’t show any content


    Downloading Outlook 2013 from Office 365 after March 1, 2017

    Download Office buttonSupport for the Office 2013 versions of Office 365 has ended and are no longer being offered for download in the download sections of Office 365 Home and Office 365 for Business.

    If you still have it installed, you will receive Security Updates until April 10, 2018.

    Upgrading to Office 2016 is highly recommended and also already part of your Office 365 subscription. However, common reasons why you might still need Office/Outlook 2013 are;

    When you still need to (re-)install Office 2013 as part of Office 365 for whatever reason, you can still download it by using a direct link or by using the Office 2013 Deployment Tool.

    Continue reading: Downloading Outlook 2013 from Office 365 after March 1, 2017


    Autodiscover: Some quick methods to get it working

    Autodiscover.xml buttonThe Autodiscover service is a required service for Outlook-Exchange connectivity since Outlook 2007 and Exchange 2007 but for whatever reason, in some Exchange environments this still hasn’t been implemented correctly.

    In some part, this was due to the fact that you could still get basic Outlook-Exchange connectivity by using some legacy Exchange 2003 RPC over HTTP dialog in Outlook. This (unsupported) method now no longer works in Outlook 2016 due to the removal of this legacy dialog since Outlook doesn’t support Exchange 2003 anymore since Outlook 2013.

    Unfortunately, this leaves enthusiastic Outlook 2016 users disconnected when Autodiscover hasn’t been provisioned correctly by your company.

    This guide contains some reasonably quick and easy and some less elegant methods for end-users but also for Exchange administrators to get your Outlook connected to Exchange again. All discussed solutions are fully supported configurations by Microsoft and do not require any changes to Exchange or the need for a new SSL Certificate.

    Continue reading: Autodiscover: Some quick methods to get it working


    New and Changed in Outlook 2016

    Outlook 2016 buttonUpgrading to Outlook 2016 from Outlook 2013 is easy and you’d probably need very little time to adjust yourself to it. In fact, if it wasn’t for the new default “colorful” theme, you’d hardly notice the upgrade to Outlook 2016 at first sight.

    This is actually part of the Office 365 strategy where major new features are also introduced during the main lifetime of the current version, as we saw with Office 2013. In the old strategy, these features were held back for the new version. Office 2016 will get the same treatment so future updates can introduce new features as well.

    Until then, there are still plenty of new features in Outlook 2016 to use and discover.

    Continue reading: New and Changed in Outlook 2016


    Upgrading to Outlook 2016

    Outlook 2016 iconPlanning to upgrade to Outlook 2016? This guide contains a lot of preparation and other information to get yourself ready to ensure a smooth transition

    Aside from the preparation steps, this guide informs you about what to expect when you start Outlook 2016 for the first time after you upgraded and how to troubleshoot several issues you may encounter during or after the installation.

    Continue reading: Upgrading to Outlook 2016


    Windows 10 (April 2018 Update) and Outlook

    Windows 10 buttonThinking about upgrading your computer to Windows 10 or are you using Outlook on a Windows 10 computer already and are being offered a major Windows 10 update?

    What should you be aware of when you heavily rely on Outlook?

    The upgrade process from Windows 7 and Windows 8 is actually quite streamlined and trouble free for most configurations. Things are even easier when applying a major update to Windows 10. However, for either upgrade, there are still a couple of attention points before you start.

    This guide contains not only upgrade preparation and troubleshooting steps but also various tips about the changes that you could encounter involving Outlook after upgrading to Windows 10.

    Continue reading: Windows 10 (April 2018 Update) and Outlook


    Outlook can’t connect to Gmail: Password incorrect

    Gmail buttonWhen configuring your Gmail account in Outlook (or other mail clients such as Thunderbird and Mail apps on (older) smartphones), you might run into continues password prompts or sync errors.

    This is because Google has turned off Basic Authentication by default for all new accounts and accounts which haven’t synced within the last 30 days and only lets you authenticate via the OAuth 2.0 standard.

    As a result, you’ll get Send/Receive errors (0x800CCC0E) and could get prompted for your Gmail password again in Outlook and the login will fail even when you supply the correct password.

    Solution 1: Re-enable Basic Authentication

    To solve this, you must re-enable Basic Authentication for Outlook in your Google Account Settings. This can be done via the “Allow less secure apps” page where you set it to “On”.

    By default, Basic Authentication has been turned off in Gmail.
    By default, Basic Authentication has been turned off in Gmail.

    Solution 2: Enable 2-Step Verification (Recommended)

    Another way to go would be to enable “2-Step Verification”. This is a bit more work but also quite a bit more secure and highly recommended.

    When you use this solution, you can create a special “App Password” which you’ll then use within Outlook to logon to Gmail rather than using your regular password.

    For step-by-step instructions to set this up see: Outlook and 2-Step Verification for Gmail accounts.

    Secure your Gmail account with 2-Step Verification.
    Secure your Gmail account with 2-Step Verification.

    Native OAuth 2.0 support in Outlook

    Native support for OAuth 2.0 in Outlook (2016/2019/365) is being worked on but nothing has been announced yet.


    Outlook 2016 / 2019 / 365 Security Update for October 2018

    News

    A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It provides “enhanced security as a defense in depth measure” as described in ADV180026 and is not related to a known security vulnerability.

    Based on your release channel, you’ll be updated to the following version;

    • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
      Version 1809 (Build 10827.20150)
    • Outlook 2019 Volume License
      Version 1808 (Build 10337.20021)
    • Office 365 Semi Annual Channel
      Version 1803 (Build 9126.2295)

    Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.


    Outlook 2016 Security Update for October 2018

    News

    A Security Update has been released for Outlook 2016. It provides “enhanced security as a defense in depth measure” as described in ADV180026 and is not related to a known security vulnerability. This update also contains additional fixes for 10 non-security issues.

    Most notable fixes in this update;

    • This update adds support for the Bcc MailTip. Bcc recipients will now receive an informative message when they click Reply All. The message will warn them that replying all as a Bcc recipient will reveal their presence in the mail thread.
    • When you disable the Reply All button by using the DisabledCmdBarItemsList registry key, the Forward button is also accidentally disabled.
    • The message body of an attached email message is not displayed correctly.

    View: Download information for KB4461440

    Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4756.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


    Outlook 2013 Security Update for October 2018

    News

    A Security Update has been released for Outlook 2013. It provides “enhanced security as a defense in depth measure” as described in ADV180026 and is not related to a known security vulnerability. This update also contains additional fixes for 2 non-security issues.

    • In some cases, the message body of an attached email message is not displayed correctly. For example, after you apply the update KB 4011078, the content in the message body of the attached email message becomes plain text when Outlook 2013 is configured for Exchange online.
    • When the message body of an email message includes a text line that begins with a space and exceeds 988 octets, Outlook fails to upload the message to the IMAP server.

    View: Download information for KB4092477

    Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5075.1001.