News

News Outlook 2016 Security Update for October 2017

A Security Update has been released for Outlook 2016. In addition to resolving the vulnerabilities, it also contains 11 documented improvements and fixes.

Most notable fixes and improvements are:

  • Resolves the vulnerabilities mentioned in CVE-2017-11774, which could lead to the execution of arbitrary commands, and CVE-2017-11776 which could lead to information disclosure.
  • You occasionally experience an error when you try to access the address book.
  • After you send an email message in Outlook 2016 that has an IMAP account configured, the message appears in the Drafts folder again.
  • When you use Outlook.com to send email messages to users who are outside the service, those messages show the winmail.dat files as attachments for those recipients.

View: Download information for KB4011162

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4600.1000 (msi-based installation) or 16.0.8431.2107 (Office 365 based installation) or 16.0.8201.2200 (Office 365 Deferred Channel installation).

News Outlook 2013 Security Update for October 2017

A Security Update has been released for Outlook 2013. In addition to resolving the vulnerabilities, it also contains 6 documented improvements and fixes.

Most notable fixes and improvements are:

  • Resolves the vulnerabilities mentioned in CVE-2017-11774, which could lead to the execution of arbitrary commands, and CVE-2017-11776 which could lead to information disclosure.
  • You occasionally experience an error when you try to access the address book.
  • When you change the location of a meeting and select to update the location automatically, the displayed location isn’t updated for the meeting.

View: Download information for KB4011178

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 15.0.4971.1000.

News Outlook 2010 Security Update for October 2017

News Exchange 2016 CU7

Cumulative Update 7 for Exchange 2016 is now available for direct download. It contains a minimum requirement change, 2 documented new fixes, and all previously released fixes and security updates for Exchange 2016.

  • Active Directory Forest Functional Level must be 2008R2 or later.
  • KB4040754: “Update UseDatabaseQuotaDefaults to false” error occurs when you change settings of user mailbox in Exchange Server 2016
  • KB4040121: You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode

This release includes no new updates to the Active Directory Schema.

Compatibility with .Net 4.7.1 will be added to CU8. Support for .NET 4.7.0 will be skipped as .NET 4.7.1 will be released soon.

Download: Cumulative Update 7 for Exchange Server 2016 (KB4018115)
Download: Exchange Server 2016 CU7 UM Language Packs
View: Description of Cumulative Update 7 for Exchange Server 2016
View: Blog post of the Exchange Team about CU7 for Exchange Server 2016

News Exchange 2013 CU18

Cumulative Update 18 for Exchange 2013 is now available for direct download. It contains 4 documented new fixes or improvements and all previously released fixes and security updates for Exchange 2013.

  • This update includes the latest time zone updates.
  • KB4040755: New health monitoring mailbox for databases is created when Health Manager Service is restarted in Exchange Server 2013
  • KB4040121: You receive a corrupted attachment if email is sent from Outlook that connects to Exchange Server in cache mode
  • KB4040120: Synchronization may fail when you use the OAuth protocol for authorization through EAS in Exchange Server 2013

This release includes no new updates to the Active Directory Schema.

Compatibility with .Net 4.7.1 will be added to CU19. Support for .NET 4.7.0 will be skipped as .NET 4.7.1 will be released soon.

Download: Cumulative Update 18 for Exchange Server 2013 (KB4022631)
Download: Exchange Server 2013 CU18 UM Language Packs
View: Description of Cumulative Update 18 for Exchange Server 2013
View: Blog post of the Exchange Team about CU18 for Exchange Server 2013

News Outlook 2016 Security Update for September 2017

A Security Update has been released for Outlook 2016. In addition to resolving the vulnerabilities, it also contains 8 documented improvements and fixes.

Most notable fixes and improvements are:

  • Defense-in-depth update as mentioned in Security Advisory ADV170015. This is a general security update that is not specific to any current exploit.
  • Introduces the RequireADAL Registry value to prevent Outlook from connecting to Exchange servers that do not use ADAL.
  • When you try to add data to a profile through the Mail Applet in Control Panel, you receive the following error message;
    • An unknown error occurred, error code: 0x8000ffff.
  • After you mark an item as read in an IMAP folder in Outlook 2016, the item is changed to unread.

View: Download information for KB4011091

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4588.1000 (msi-based installation) or 16.0.8326.2107 (Office 365 based installation) or 16.0.8201.2193 (Office 365 Deferred Channel installation).

News Outlook 2013 Security Update for September 2017

A Security Update has been released for Outlook 2013. In addition to resolving the vulnerabilities, it also contains 1 documented fix.

  • Defense-in-depth update as mentioned in Security Advisory ADV170015. This is a general security update that is not specific to any current exploit.
  • Third-party MAPI application may freeze at shutdown.

View: Download information for KB4011090

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 15.0.4963.1000.

News Outlook 2010 Security Update for September 2017

A Security Update has been released for Outlook 2010 which contains a defense-in-depth update as mentioned in Security Advisory ADV170015. This is a general security update that is not specific to any current exploit.

View: Download information for KB4011089

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7188.5000.

News Outlook 2007 Security Update for September 2017

A Security Update has been released for Outlook 2007 which contains a defense-in-depth update as mentioned in Security Advisory ADV170015. This is a general security update that is not specific to any current exploit.

View: Download information for KB4011086

Update September 19, 2017:
Due to UI language issues with this update, it has been replaced with KB401110. Uninstall KB4011086 before applying the new update.

Note: This update can be installed via Microsoft Update and updates Outlook to version 12.0.6776.5000.

News Outlook 2016 Security Update for July 2017

A Security Update has been released for Outlook 2016. It resolves the vulnerabilities mentioned in CVE-2017-8571, CVE-2017-8572, and CVE-2017-8663 which could allow remote code execution if a user opens a specially crafted Office file or email message.

It also solves the issues introduced in the June update (KB3191932) where attachments with certain characters in their name got fully blocked.

Office 365 users (Current Channel) will also get 2 new features;

  • Downloading cloud attachments
    When you save or drag and drop OneDrive attachments to your computer, we download the file for you.
  • Helpful sounds improve accessibility
    Turn on audio cues to guide you as you work. Find it in File > Options > Ease of Access.

View: Download information for KB4011052

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4573.1001 (msi-based installation) or 16.0.8326.2058 (Office 365 based installation) or 16.0.7766.2099 (Office 365 Deferred Channel installation).