News

News Exchange 2010 SP3 Rollup 18

Update Rollup 18 for Exchange 2010 Service Pack 3 is now available for direct download. It contains 1 documented new security and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

This security update resolves the vulnerabilities mentioned in CVE-2017-8621, CVE-2017-8559 and CVE-2017-8560. These vulnerabilities works via Outlook Web Access (OWA) and could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email that has a specially crafted attachment to a vulnerable Exchange server.

View: Description of the security update for Microsoft Exchange: July 11, 2017
Download: Update Rollup 18 For Exchange 2010 SP3 (KB4018588)

News Outlook 2010 Update for July 2017

A Rollup Update has been released for Outlook 2010. This is a non-security update which fixes the 3 attachment issues that were introduced with the June 2017 update (KB3203467);

  • When you open an attachment whose file name includes an ellipsis (…) or an exclamation point (!), the files are blocked and you receive a warning message.
  • If an email message includes an attached email message, and the attached email message’s subject line includes an unsafe file name extension, the email attachment is blocked for recipients.
  • You receive an error message when you open attachments in an email message, a contact, or a task that’s formatted as Rich Text.

Update July 11:
Due to new issues found with this update, it is no longer available. An updated fix or a completely new fix will be released soon.

View: Download information for KB4011042

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7183.5002.

News Exchange 2016 CU6

Cumulative Update 6 for Exchange 2016 is now available for direct download. It contains 8 documented new fixes or improvements, various new features and all previously released fixes and security updates for Exchange 2016.

Notable new features, fixes and improvements are:

This release includes new updates to the Active Directory Schema.

Compatibility validation with .Net 4.7 is still pending for this release but so far, no issues have been found. However, .Net 4.7 is not supported until the validation has been completed and official support has been announced.

Download: Cumulative Update 6 for Exchange Server 2016 (KB4012108)
Download: Exchange Server 2016 CU6 UM Language Packs
View: Description of Cumulative Update 6 for Exchange Server 2016
View: Blog post of the Exchange Team about CU6 for Exchange Server 2016

Sperry Software
Use "BH93RF24" to get a discount when ordering!

News Exchange 2013 CU17

Cumulative Update 17 for Exchange 2013 is now available for direct download. It contains 5 documented new fixes or improvements and all previously released fixes and security updates for Exchange 2013.

Notable fixes and improvements are:

  • This update includes the latest time zone updates.
  • KB4024650: Emoji is displayed as question marks in iOS clients in an Exchange Server environment.
  • KB4024646:  “Insufficient access rights” error when you run setup.exe as member of “Delegated Setup” group in Exchange Server 2013

This release does not include new updates to the Active Directory Schema.

Compatibility validation with .Net 4.7 is still pending for this release but so far, no issues have been found. However, .Net 4.7 is not supported until the validation has been completed and official support has been announced.

Download: Cumulative Update 17 for Exchange Server 2013 (KB4012114)
Download: Exchange Server 2013 CU17 UM Language Packs
View: Description of Cumulative Update 17 for Exchange Server 2013
View: Blog post of the Exchange Team about CU17 for Exchange Server 2013

News Attachments are blocked after applying June 2017 update – Fixes available now

After applying the June update for Outlook 2007, 2010, 2013 or Outlook 2016 (MSI) some attachments may be blocked from being opened. There are two issues here;

  • Attachments could get blocked as they are deemed “potentially unsafe attachments” even when they don’t have an unsafe file extension (like pdf, docx, xlsx).

    The blocked attachments are mentioned in the Infobar.
    The blocked attachments are mentioned in the Infobar.

    This issue applies to files that have two dots or an exclamation mark in front of their file extension;
    -test..txt
    -test!.txt

  • Attachments that are embedded (with the file icon shown in the message body) in an RTF formatted message, calendar item, contact item or task item can’t be opened. Trying to do so produces the error;
    • The program used to create this object is Outlook. That program is either not installed on your computer or it is not responding. To edit this object, install Outlook or ensure that any dialog boxes in Outlook are closed.

Error when trying to open an embedded attachment after applying the June 2017 update.
Error when trying to open an embedded attachment after applying the June 2017 update.

Update June 28 and July 5: Fixes now available for some versions
New updates have been released for some versions of Outlook which fixes these issues. The other versions will follow soon!

  • Outlook 2007
    Not yet available.
  • Outlook 2010
    KB4011042 (download: 32-bit or 64-bit)
    This update is currently not available but will be re-released soon.
  • Outlook 2013
    KB3191849 (download: 32-bit or 64-bit)
  • Outlook 2016 (MSI)
    KB3213654 (download: 32-bit or 64-bit
  • Outlook 2016 (Office 365)
    Fixed in Version 1706 (Build 8229.2073) get it via Update Now.
    Not yet fixed for the Deferred Channels.

Current workarounds are;

  • For the first issue; Download the files via web mail. Exchange and Outlook.com users can use Outlook on the Web (OWA) for this, Gmail users can use the Gmail website, etc…
  • For the second issue, you can save the files to your Desktop (drag & drop also works) and open the files from there.
  • Uninstall the June update for your Outlook version. Please note that this is a security update, so uninstalling the update is only recommended when you know the risks and can’t use the other workarounds.

For further information and descriptions of other issues regarding these updates also see; Outlook known issues in the June 2017 security updates.

News Outlook 2016 Security Update for June 2017

A Security Update has been released for Outlook 2016. In addition to resolving the vulnerabilities, it also contains 15 documented improvements and fixes.

Most notable fixes and improvements are:

  • Resolves the vulnerabilities mentioned in CVE-2017-8506, CVE-2017-8507, and CVE-2017-8508 which could allow remote code execution if a user opens a specially crafted Office file or email message.
  • If you have a profile that has a Microsoft SharePoint calendar in Outlook 2016 and the calendar is synchronizing in the background, Outlook 2016 may crash.
  • After a delegate views a rejected meeting, the declined meeting appears in the calendar again if the delegate has not rejected the meeting.

Office 365 subscribers have also received the following feature updates;

View: Download information for KB3191932

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4549.1002 (msi-based installation) or 16.0.8201.2102 (Office 365 based installation) or 16.0.7766.2092 (Office 365 Deferred Channel installation).

News Outlook 2013 Security Update for June 2017

A Security Update has been released for Outlook 2013. In addition to resolving the vulnerabilities, it also contains 12 documented improvements and fixes.

Most notable fixes and improvements are:

  • Resolves the vulnerabilities mentioned in CVE-2017-8506, CVE-2017-8507, and CVE-2017-8508 which could allow remote code execution if a user opens a specially crafted Office file or email message.
  • Enable users to install and manage (web) add-ins in Outlook 2013 rather than in the Outlook Web App.
  • Disables the message rule actions to start an application or run a macro (VBA script). To re-enable them, you can set the EnableUnsafeClientMailRules Registry value.
  • After you switch networks on a computer, Outlook 2013 sometimes won’t reconnect to the Microsoft Exchange server.

View: Download information for KB3191938

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 15.0.4937.1000.

News Outlook 2010 Security Update for June 2017

News Outlook 2007 Security Update for June 2017

News Outlook 2016 Update for May 2017

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains 20 documented improvements and fixes.

Most notable fixes are:

  • Reminders aren’t created after you import webcal calendars. To fix this issue, you can now set the AllowReminderCreation Registry value.
  • When a delegate opens a meeting request, some respond buttons, such as the Accept, Tentative, and Decline buttons, aren’t displayed.
  • Disables the message rule actions to start an application or run a macro (VBA script). To re-enable them, you can set the EnableUnsafeClientMailRules Registry value.
  • Adds the ability to view signed HTML email messages in the HTML format via the ShowSignedMessagesInNativeFormat Registry value, even when you have Outlook configured to force Plain Text.
  • When you use a POP or an IMAP account, some received email messages have a blank body.

Office 365 subscribers have also received a feature update; Attachment widths expand visually to fit the file name and permission information and there is also a new Dubai font.

View: Download information for KB3191883

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4534.1001 (msi-based installation) or 16.0.7967.2139 (Office 365 based installation).