News

News Exchange 2019 CU1

Cumulative Update 1 for Exchange 2019 is now available. It contains 3 new documented security updates and 18 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

Notable improvements, changes and fixes are;

  • ADV190004: February 2019 Oracle Outside In Library Security Update
    Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. This update contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory – October 2018.
  • CVE-2019-0686 and CVE-2019-0724: Microsoft Exchange Server Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator or gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment.
    To mitigate this vulnerability, AD permissions granted to Exchange server have been modified as discussed in KB4490059: Reducing permissions required to run Exchange Server by using Shared Permissions Model, and additionally changes have been made to EWS authentication as discussed in KB4490060: Exchange Web Services Push Notifications can be used to gain unauthorized access.
  • KB4488398: “The Microsoft Exchange Replication service may not be running on server” error when you add a mailbox database copy in Exchange Server 2019
  • KB4488268: Disable the irrelevant Query logs that’re created in Exchange Server 2016.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in June 2019.

Download: Cumulative Update 1 for Exchange Server 2019 (KB4471391) (from MVLC)
View: Description of Cumulative Update 1 for Exchange Server 2019
View: Blog post of the Exchange Team about CU1 for Exchange Server 2019


 


News Exchange 2016 CU12

Cumulative Update 12 for Exchange 2016 is now available. It contains 3 new documented security updates and 23 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

Notable improvements, changes and fixes are;

  • ADV190004: February 2019 Oracle Outside In Library Security Update
    Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. This update contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory – October 2018.
  • CVE-2019-0686 and CVE-2019-0724: Microsoft Exchange Server Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator or gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment.
    To mitigate this vulnerability, AD permissions granted to Exchange server have been modified as discussed in KB4490059: Reducing permissions required to run Exchange Server by using Shared Permissions Model, and additionally changes have been made to EWS authentication as discussed in KB4490060: Exchange Web Services Push Notifications can be used to gain unauthorized access.
  • KB4487603: “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2016.
  • KB4488268: Disable the irrelevant Query logs that’re created in Exchange Server 2016.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in June 2019. 

Download: Cumulative Update 12 for Exchange Server 2016 (KB4471392)
Download: Exchange Server 2016 CU12 UM Language Packs
View: Description of Cumulative Update 12 for Exchange Server 2016
View: Blog post of the Exchange Team about CU12 for Exchange Server 2016


News Exchange 2013 CU22

Cumulative Update 22 for Exchange 2013 is now available. It contains 3 new documented security updates and 1 additional documented new fix or improvement, as well as all previously released fixes and security updates for Exchange 2013 and the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 22 for Exchange Server 2013 (KB4345836)
Download: Exchange Server 2013 CU22 UM Language Packs
View: Description of Cumulative Update 22 for Exchange Server 2013
View: Blog post of the Exchange Team about CU22 for Exchange Server 2013


News Exchange 2010 SP3 Rollup 26

Update Rollup 26 for Exchange 2010 Service Pack 3 is now available. It contains 3 documented new security updates and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

View: Description of Update Rollup 26 for Exchange Server 2010
Download: Update Rollup 26 For Exchange 2010 SP3 (KB4487052)
View: Blog post of the Exchange Team about CU26 for Exchange Server 2010


News Outlook 2016 (MSI) Update for February 2019

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains 8 documented improvements and fixes.

Most notable fixes in this update;

  • Assume that you have Outlook and a Skype for Business application installed on a computer with Windows 10 or later versions. When the Skype for Business application automatically starts, a prompt for Skype for Business credentials may appear behind other windows.
  • When you accept multiple separate instances of a recurring meeting, and then you synchronize the Calendar folder in Outlook, you notice that sometimes some instances are mistakenly removed from the calendar.
  • This update fixes a case where sometimes searching items result in the following error message:

    Something went wrong and your search couldn’t be completed.

  • When you try to open the “Rules and Alerts” dialog box, the dialog box doesn’t open and you receive the following error message:

    The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

View: Download information for KB4462147

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4810.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


News Outlook 2013 Update for February 2019

A Rollup Update has been released for Outlook 2013. This is a non-security update which contains 3 documented improvements and fixes.

  • Recipients see incorrect message body format in a received Outlook template. This issue occurs if the Outlook template is sent as an attachment when Outlook is connected to Exchange Online.
  • Assume that you have Outlook and a Skype for Business application installed on a computer with Windows 10 or later versions. When the Skype for Business application automatically starts, a prompt for Skype for Business credentials appear behind other windows.
  • When you try to open the “Rules and Alerts” dialog box, the dialog box doesn’t open and you receive the following error message:

    The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

View: Download information for KB4462141

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5111.1000.


News Outlook 2010 Update for February 2019

A Rollup Update has been released for Outlook 2010. This is a non-security update which contains the following fix;

  • When you try to open the “Rules and Alerts” dialog box, the dialog box doesn’t open and you receive the following error message:

    The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

View: Download information for KB4462182

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7229.5000.


News Outlook for Office 365 Feature Update for January 2019

Outlook for Office 365 (Monthly Channel) got a new feature on the last day of January which many have waited for a long time;

  • Animated GIFs
    They’ll see what you meme: When text or static images just won’t do, use an animated GIF to make your point. Learn more

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1901 (Build 11231.20130).


News Outlook 2016 / 2019 / 365 Security Update for January 2019

A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following vulnerability;

  • CVE-2019-0559: Microsoft Outlook Information Disclosure Vulnerability
    An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted email to the victim.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1812 (Build 11126.20196)
  • Outlook 2019 Volume License
    Version 1808 (Build 10340.20017)
  • Office 365 Semi Annual Channel
    Version 1808 (Build 10730.20264)
    Version 1803 (Build 9126-2336)
    Version 1708 (Build 8431.2366)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.


News Outlook 2016 (MSI) Security Update for January 2019

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2019-0559: Microsoft Outlook Information Disclosure Vulnerability
    An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted email to the victim.

This update also contains 14 additional fixes or improvements for non-security issues. Most notable are;

  • Adds support for the Do Not Forward policy for meetings so that the meetings can’t be forwarded by attendees.
  • A “Blocked external content” warning for Secure/Multipurpose Internet Mail Extensions (S/MIME) email messages that have no external content is displayed.
  • When you access the “Conversation History” folder, Outlook 2016 hangs.
  • Mail delivery rules stop working. When you try to open the “Manage Rules and Alerts” dialog box, you receive the following error message:

    The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

View: Download information for KB4461601

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4795.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.