Outlook for Microsoft 365 Apps Feature Update for September 2020

News

Right before the end of September Microsoft released the August feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 2 new features for Outlook and 1 highlighted fix. It also includes the 2 fixes included in last week’s bug fix for Version 2008. The new features and fixes are listed below;

  • Auto-Expanding Online Archive Search
    Enabling auto-expanding Online Archive Search
  • New profile card for Outlook
    New profile card for Outlook including a better Organization view and matches the card style of Outlook Web.
  • Addresses an issue that caused some automatically generated emails to be sent with a blank body when the subject line is blank.
  • Addresses an issue that caused users to be unable to close shared calendars by clicking on the “X” in the corner.
  • Addresses a performance issue with attachment upload.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2009 (Build 13231.20262).


MAPILab
Use "4PM76A8" to get a discount when ordering!

Exchange 2019 CU7 and Exchange 2016 CU18

News

Cumulative Update 7 for Exchange 2019 is now available as well as Cumulative Update 18 for Exchange 2016

They both contain the same 14 documented new fixes or improvements, as well as all previously released fixes and security updates for their respective Exchange version and the latest DST updates. The CU for Exchange 2019 also includes an updated Sizing Calculator.

Notable improvements, changes and fixes are;

  • KB4570251: Inbox rule applying a personal tag doesn’t stamp RetentionDate.
  • KB4576650: Can’t add remote mailbox when setting email forwarding in Hybrid environment.
  • KB4570247: CSV log of Discovery export fails to properly escape target path field.
  • KB4570254: MSExchangeMapiMailboxAppPool causes prolonged 100% CPU.
  • KB4563416: Can’t view Online user free/busy status.
  • KB4576651: Can’t join Teams meetings from Surface Hub devices.
  • KB4577352: Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in December 2020.

Exchange 2019: CU7 KB4571787VLSC Download
Exchange 2016: CU18 KB4571788DownloadUM Language Pack
View: Blog post of the Exchange Team about CU7 for Exchange Server 2019 and CU 18 for Exchange 2016.


Outlook 2016 / 2019 / 365 Update for September 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 9 security updates for Excel (4), Outlook (2), Word (3) and Office (2).

In addition, it contains no documented non-security fixes for Outlook Current Version 2008, 2 features and 10 fixes for Monthly Enterprise 2007, 8 features and 42 fixes for a completely new Semi-Annual (Preview) Version 2008, 1 fix for Semi-Annual 2002. Most notable are;

  • Version 2007 –  Incident Notification for IT Admins
    Microsoft 365 tenant global administrators and Office Apps Administrators will be notified about Outlook and O365 Exchange incidents affecting their users with a new right-side panel notification in Outlook for Windows.
  • Version 2007 – Quickly reopen items from previous session
    We added an option to quickly reopen items from a previous Outlook session. Whether Outlook crashes or you close it, you’ll now be able to quickly relaunch items when you reopen the app. This feature is on by default. To turn it off, go to Options > General > Start up Options.

    Outlook closed while you had items open. Reopen those items from your last session?

  • Version 2007
    Addressed an issue that caused outlook users to see issues with navigation in compact views.
  • Version 2007
    Addressed an issue that caused the Scheduling Assistant page to fail to display.
  • Version 2007
    Addressed an issue that caused Outlook to fail to retrieve search suggestions.
  • Version 2002
    Fixes an issue that caused users to be unable to connect to Public Folders after adding a shared mailbox.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail
    Version 2008 (Build 13127.20408)
  • Monthly Enterprise
    Version 2007 (Build 13029.20534)
    Version 2006 (Build 13001.20648)
  • Semi-Annual Enterprise (Preview)
    Version 2008 (Build 13127.20408)
  • Semi-Annual Enterprise
    Version 2002 (Build 12527.21104)
    Version 1908 (Build 11929.20946) 
  • Outlook 2019 Volume License
    Version 1808 (Build 10366.20016)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Outlook 2016 (MSI) Update for September 2020

News

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented improvements fixes.

  • Fixes an issue that causes the SharePoint site option not to appear under Attach File > Browse Web Locations.
    Note To fix this issue, you must install KB4484395 together with this update.
  • Fixes an issue for Calendar Overlay users that causes Outlook to default to the last-added calendar instead of the primary calendar when they switch to the calendar module.
  • Fixes an issue that causes users to be unable to turn off the Outlook Today functionality.
  • Changes the default fallback encryption from 3DES to AES256. The default fallback encryption is chosen if the recipients’ certification doesn’t have Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities published to the certificate.

View: Download information for KB4484511

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5056.1000. This update does not apply to Perpetual and Microsoft 365 based installations of Office 2016.


Outlook 2013 Security Update for August 2020

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerabilities;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

View: Download information for KB4484486

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5267.1000.


Outlook 2010 Security Update for August 2020

News

A Security Update has been released for Outlook 2010. It resolves the following vulnerabilities;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

View: Download information for KB4484475

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7256.5000.


S/MIME support for Outlook on the Web (OWA) in Google Chrome or Microsoft Edge

S/MIME buttonS/MIME support for Outlook on the Web (OWA) used to be only available in Internet Explorer but it is now also possible to add this to Google Chrome and the new Microsoft Edge browser.

However, adding the required extension isn’t (currently) possible via the traditional means of using the Chrome Web Store or the Microsoft Edge Addons page.

This guide explains how you can manually install or deploy the Microsoft S/MIME Control for Outlook on the web.

Continue reading: S/MIME support for Outlook on the Web (OWA) in Google Chrome or Microsoft Edge


Executing PowerShell Scripts FAQ and Tips & Tricks

PowerShell Script buttonThere are several guides containing PowerShell scripts on HowTo-Outlook.com. PowerShell is a powerful scripting language which can be used by many applications including Outlook and Exchange. For end-user usage, it can be seen as the successor of vbs and batch scripts.

PowerShell scripts are easy to use but there are a couple of things to be aware of, especially when it is the first time you use such scripts.

This guide contains frequently asked questions regarding the use of PowerShell scripts and some additional tips and tricks to get you started.

Continue reading: Executing PowerShell Scripts FAQ and Tips & Tricks


Exchange 2013 CU23

News

Cumulative Update 23 for Exchange 2013 is now available. It contains 1 documented security update and 1 additional documented new fix or improvement, as well as all previously released fixes and security updates for Exchange 2013 and the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

  • KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2013 hybrid environment
  • KB4503028 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU22 as well.

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 23 for Exchange Server 2013 (KB4489622)
Download: Exchange Server 2013 CU23 UM Language Packs
View: Description of Cumulative Update 23 for Exchange Server 2013
View: Blog post of the Exchange Team about CU23 for Exchange Server 2013


Importing eml-files into Outlook

Import EML buttonIf you’ve ever used Outlook Express, Windows (Live) Mail, Thunderbird, Lotus/IBM Notes or basically any mail client other then Outlook, chances are that you have some eml-files stored somewhere as well.

While Outlook does support opening eml-files, it doesn’t offer a way to import them into Outlook.

This guides contains instructions and 2 scripts to import eml-files into an Outlook folder of your choice.

Continue reading: Importing eml-files into Outlook


First look at the new Outlook for Windows interface with a simplified Ribbon

News

Microsoft has released a blog post and a video in which it explains and shows off the design changes that will be coming to Office.com and Office 365.

One of the major visible changes is the new simplified Ribbon. Instead of having a large button or up to 3 smaller buttons on top of each other, the updated Ribbon contains only 1 line of command icons on each of the Ribbon tabs.

Preview of the new single line command bar in Outlook.
Preview of the new single line command bar in Outlook. (captured from the video linked below)

This redesign allows for a cleaner interface with the commands which matter the most and with more vertical screen space left for the actual content that you are working on.

There will also be an option to expand the Ribbon to return the “classic” three-line layout in case you don’t like the change, want to decide for yourself when you are ready to change or when you simply want to dedicate more screen space to the available commands.

Microsoft will start rolling out this new experience in Outlook for Desktop to a select amount of Insiders in July.

View: Power and simplicity – updates to the Office 365 user experience
View: Updates to the Microsoft Office user experience (video)


7 Tips to prevent your Calendar from crashing or becoming out-of-sync

Healthy Calendar buttonFor many, the Calendar in Outlook is a crucial part of their day and for future planning. To make sure you can rely on it, there are a couple of do’s and don’ts.

Especially when it comes to the handling of meeting requests, or when having delegates assigned to your Calendar, or when you are a delegate yourself, there are a couple of important things to be aware of.

Failing to do so, could cause your Calendar to become out-of-sync or produce corruptions which can cause Outlook to crash whenever you try to do anything with your Calendar.

Continue reading: 7 Tips to prevent your Calendar from crashing or becoming out-of-sync


Color Code your Emails, Calendar or Tasks automatically with Conditional Formatting

Conditional Formatting buttonThe Conditional Formatting feature in Outlook allows you to get organized by automatically color coding your Emails, Calendar items, Contacts and Tasks without the need to apply a Color Category to it or move them to different folders.

The color coding isn’t just intended to emphasize certain emails but it can also be used to deemphasize certain emails such as newsletters or emails you are only a CC or BCC recipient of.

You may actually already know Conditional Formatting without realizing it as it is for instance also being used to:

  • Show unread emails in a blue and bold font.
  • Show expired emails and completed tasks in a grey and strikethrough font.
  • Show overdue emails and tasks in a red font.

The “Conditional Formatting” feature may look complex at first but creating color coding rules is actually fairly easy and quite powerful when used the right way.

This guide will help you on your way to get yourself familiar with the Conditional Formatting options with 8 color coding examples which might be useful to you as well.

Conditional Formatting usage in the Message List.
Conditional Formatting usage in the Message List.

Continue reading: Color Code your Emails, Calendar or Tasks automatically with Conditional Formatting


Imported IMAP folders are not visible or don’t show any content

IMAP Folders buttonWhen you’ve exported your IMAP mailbox or specific folders to a pst-file which you then later open in Outlook or import into an Exchange or Outlook.com mailbox, you may be shocked to see that these folders don’t contain anything.

Additionally, when you configure this mailbox on a smartphone or tablet as an Exchange ActiveSync account, these folders may not show at all.

Luckily, this can be fixed without any data loss but the process to do so via MFCMAPI is not for the faint of heart or when you have many folder to fix.

Therefor, this guide also contains a script which you can run to apply the fix for you. You can either fix a single folder, a folder and its subfolders or your entire mailbox at once.

Continue reading: Imported IMAP folders are not visible or don’t show any content


Downloading Outlook 2013 from Office 365 after March 1, 2017

Download Office buttonSupport for the Office 2013 versions of Office 365 has ended and are no longer being offered for download in the download sections of Office 365 Home and Office 365 for Business.

If you still have it installed, you will receive Security Updates until April 10, 2023.

Upgrading to Office 2016 is highly recommended and also already part of your Office 365 subscription. However, common reasons why you might still need Office/Outlook 2013 are;

When you still need to (re-)install Office 2013 as part of Office 365 for whatever reason, you can still download it by using a direct link or by using the Office 2013 Deployment Tool.

Continue reading: Downloading Outlook 2013 from Office 365 after March 1, 2017


Autodiscover: Some quick methods to get it working

Autodiscover.xml buttonThe Autodiscover service is a required service for Outlook-Exchange connectivity since Outlook 2007 and Exchange 2007 but for whatever reason, in some Exchange environments this still hasn’t been implemented correctly.

In some part, this was due to the fact that you could still get basic Outlook-Exchange connectivity by using some legacy Exchange 2003 RPC over HTTP dialog in Outlook. This (unsupported) method now no longer works in Outlook 2016, Outlook 2019 and Outlook for Office 365 due to the removal of this legacy dialog since Outlook doesn’t support Exchange 2003 anymore since Outlook 2013.

Unfortunately, this leaves up-to-date Outlook users disconnected when Autodiscover hasn’t been provisioned correctly by your company.

This guide contains some reasonably quick and easy and some less elegant methods for end-users but also for Exchange administrators to get your Outlook connected to Exchange again. All discussed solutions are fully supported configurations by Microsoft and do not require any changes to Exchange or the need for a new SSL Certificate.

Continue reading: Autodiscover: Some quick methods to get it working


New and Changed in Outlook 2016

Outlook 2016 buttonUpgrading to Outlook 2016 from Outlook 2013 is easy and you’d probably need very little time to adjust yourself to it. In fact, if it wasn’t for the new default “colorful” theme, you’d hardly notice the upgrade to Outlook 2016 at first sight.

This is actually part of the Office 365 strategy where major new features are also introduced during the main lifetime of the current version, as we saw with Office 2013. In the old strategy, these features were held back for the new version. Office 2016 will get the same treatment so future updates can introduce new features as well.

Until then, there are still plenty of new features in Outlook 2016 to use and discover.

Continue reading: New and Changed in Outlook 2016


Upgrading to Outlook 2016

Outlook 2016 iconPlanning to upgrade to Outlook 2016? This guide contains a lot of preparation and other information to get yourself ready to ensure a smooth transition

Aside from the preparation steps, this guide informs you about what to expect when you start Outlook 2016 for the first time after you upgraded and how to troubleshoot several issues you may encounter during or after the installation.

Continue reading: Upgrading to Outlook 2016


Windows 10 (2004 / May 2020 Update or earlier) and Outlook

Windows 10 buttonThinking about upgrading your computer to Windows 10 or are you using Outlook on a Windows 10 computer already and are being offered a major Windows 10 update?

What should you be aware of when you heavily rely on Outlook?

The upgrade process from Windows 7 and Windows 8 is actually quite streamlined and trouble free for most configurations. Things are even easier when applying a major update to Windows 10. However, for either upgrade, there are still a couple of attention points before you start.

This guide contains not only upgrade preparation and troubleshooting steps but also various tips about the changes that you could encounter involving Outlook after upgrading to Windows 10.

Continue reading: Windows 10 (2004 / May 2020 Update or earlier) and Outlook


Outlook can’t connect to Gmail: Password incorrect

Gmail buttonWhen configuring your Gmail account in Outlook (or other mail clients such as Thunderbird and Mail apps on (older) smartphones), you may run into continuous password prompts or sync errors.

This is because Google has turned off Basic Authentication by default for all new accounts and accounts which haven’t synced within the last 30 days and only lets you authenticate via the OAuth 2.0 standard.

As a result, you’ll get Send/Receive errors (0x800CCC0E) and could get prompted for your Gmail password again in Outlook and the login could fail even when you supply the correct password.

Continue reading: Outlook can’t connect to Gmail: Password incorrect


Exchange Server 2019 Capacity Calculator

Exchange Calculator buttonThe Exchange Server 2019 Capacity Calculator allows you to calculate the hardware and virtual system requirements for the servers handling the Exchange Server Roles within your Exchange 2019 environment.

The latest version of the calculator is included with each Exchange Server 2019 Cumulative Update but also available as a separate download.

The calculator is provided as an Excel document with various macros. For the best experience, it is recommended to use it with Excel as part of Microsoft Office Professional Plus 2019 or Microsoft 365 Apps for Enterprise/Business.

Download: Exchange Server 2019 Capacity Calculator
More info: Announcing The Exchange Server 2019 Sizing Calculator


Exchange 2019 and 2016 Security Updates for September 2020

News

Security updates have been released for Exchange 2016 and Exchange 2019.

  • CVE-2020-16875: Microsoft Exchange Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
    Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
    The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

View: Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020
Download: Security Update For Exchange Server 2019 CU6 (KB4577352)
Download: Security Update For Exchange Server 2019 CU5 (KB4577352)
Download: Security Update For Exchange Server 2016 CU17 (KB4577352)
Download: Security Update For Exchange Server 2016 CU16 (KB4577352)


Outlook for Microsoft 365 Apps Feature Update for August 2020

News

On the final day of August, Microsoft released the August feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 2 new features for Outlook and 13 highlighted fixes (of which 2 were also included in last week’s bug fix release for Version 2007). The new features and notable fixes are listed below;

  • Improved links in email
    When you include a link to a file, the file name replaces the URL. You can change permissions so all recipients have access.
  • Natural Language Support in Search
    With the implementation of Natural Language Support in Search, users can easily filter their search results without remembering specific search syntax.
  • Fixes an issue that caused users who attempted to create a meeting request from a secondary account added to their profile to not see a blank From: field instead of their email address.
  • Addressed an issue that caused meetings to fail to be removed from a manager’s calendar when declined by a delegate in some circumstances.
  • Fixes an issue that caused users to experience occasional crashes when interacting with Cloud attachments.
  • Addressed an issue that caused users of some character sets to see file names display incorrectly when adding a Smart Link to a SharePoint file.
  • Addressed an issue that caused some users to see the Scheduling Assistant page fail to display.
  • Fixes an issue that caused users to see anomalies when using the compact view.
  • Addressed an issue that caused the right-click context menu to fail to appear in the search controls.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2008 (Build 13127.20296).


Outlook 2016 / 2019 / 365 Update for August 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 13 security updates for Access (1), Excel (5), Outlook (2), Word (3) and Office (2). The Details about the Outlook vulnerability;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

In addition, it contains 2 documented non-security fixes for Outlook Current, 4 features and 7 fixes for Monthly Enterprise 2005, 1 for Semi-Annual 2002. Most notable fixes are;

  • Version 2007
    Addressed an issue that caused Outlook to fail to retrieve search suggestions.
  • Version 2007
    Addressed an issue that caused users to occasionally crash when retrieving persona information.
  • Version 2006 –  New option to disable @ mention suggestions when composing mail in Outlook
    Do you find the @ mention picker more annoying than useful? Now you can turn it off if you prefer.
    File-> Options-> Mail-> section: Send Messages-> Suggest names to mention when I use the @ symbol in a message.
  • Version 2006 – Keep your pictures high fidelity when sending them as part of an email
    A new Outlook setting is available to limit picture compression when you send pictures as part of the email contents.
    File-> Options-> Mail-> Editor Options…-> Advanced-> enable: Do not compress images in file
  • Version 2006
    Addresses an issue that caused users to see the creation date of attachments that they copied to their file system via drag and drop getting set to January 1, 4501.
  • Version 2002
    Addressed an issue that caused a significant performance issue when starting Outlook for some tenants.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 2007 (Build 13029.20344)
  • Monthly Enterprise
    Version 2006 (Build 13001.20520)
    Version 2005 (Build 12827.20656)
  • Semi-Annual Enterprise (Preview)
    Version 2002 (Build 12527.20988)
  • Semi-Annual Enterprise
    Version 2002 (Build 12527.20988)
    Version 1908 (Build 11929.20934)
    Version 1902 (Build 11328.20644)
  • Outlook 2019 Volume License
    Version 1808 (Build 10364.20059)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Outlook 2016 (MSI) Security Update for August 2020

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerabilities;

  • CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.
  • CVE-2020-1493: Microsoft Outlook Information Disclosure Vulnerability
    An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
    To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
    The security update addresses the vulnerability by correcting how Outlook handles file attachment links.

This update contains 2 additional fixes or improvements for non-security issues;

  • Fixes an issue that causes Outlook users to be unable to send a message as (or on behalf of) a hidden distribution list.
  • Fixes an issue that causes the creation date of an attachment to be set to “January 1, 4501” if a user copies the attachment to the file system through a drag-and-drop action.

View: Download information for KB4484475

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5044.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.