News

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2019-0559: Microsoft Outlook Information Disclosure Vulnerability
  An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted email to the victim.

This update also contains additional fixes for 4 non-security issues;

• After update KB3118388 is applied, Office documents in the Public Folders are unexpectedly opened in the Protected View.
• A “Blocked external content” warning for Secure/Multipurpose Internet Mail Extensions (S/MIME) email messages that have no external content is displayed.
• This update adds support for directly importing .ics files that contain HTML bodies into an Outlook 2013 calendar. You no longer need to first convert the HTML body to Rich Text Format (RTF).
• Mail delivery rules stop working. When you try to open the “Manage Rules and Alerts” dialog box, you receive the following error message:
  
  

  The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

View: Download information for KB4461595

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5101.1000.

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2019-0559: Microsoft Outlook Information Disclosure Vulnerability
  An attacker who successfully exploited this vulnerability could gather information about the victim. An attacker could exploit this vulnerability by sending a specially crafted email to the victim.

This update also contains additional fixes for 2 non-security issues;

• A “Blocked external content” warning for Secure/Multipurpose Internet Mail Extensions (S/MIME) email messages that have no external content is displayed.
• Mail delivery rules stop working. When you try to open the “Manage Rules and Alerts” dialog box, you receive the following error message:
  
  

  The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

View: Download information for KB4461623

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7227.5000.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019. They resolve the following 2 vulnerabilities;

• CVE-2019-0586: Microsoft Exchange Memory Corruption Vulnerability
  A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
• CVE-2019-0588: Microsoft Exchange Information Disclosure Vulnerability
  An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell. The attacker would then be able to view additional details about the calendar that would normally be hidden.

View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: January 8, 2019
Download: Security Update For Exchange Server 2013 CU21 (KB4471389)
Download: Security Update For Exchange Server 2016 CU10 (KB4471389)
Download: Security Update For Exchange Server 2016 CU11 (KB4471389)
Download: Security Update For Exchange Server 2019 (KB4471389)

Update Rollup 25 for Exchange 2010 Service Pack 3 is now available. It contains 1 documented new security update and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

• CVE-2019-0588: Microsoft Exchange Information Disclosure Vulnerability
  An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell. The attacker would then be able to view additional details about the calendar that would normally be hidden.

View: Description of Update Rollup 25 for Exchange Server 2010
Download: Update Rollup 25 For Exchange 2010 SP3 (KB4468742)

A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

Based on your release channel, you’ll be updated to the following version;

• Office 365, Outlook 2016 Retail, Outlook 2019 Retail
  Version 1811 (Build 11029.20108)
• Outlook 2019 Volume License
  Version 1808 (Build 10339.20026)
• Office 365 Semi Annual Channel
  Version 1803 (Build 9126-2336)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

This update also contains additional fixes for 2 non-security issues;

• When you attach a file that contains the “&” character in its name to an email message, the “&” character isn’t displayed in the attachment name.
• After you set the DisableCrossAccountCopy policy, you can’t move a folder to another location in the same email account.

View: Download information for KB4461544

Update: An additional update (KB4011722) has been released this month which solves an issue with mail delivery rules stopping to work and opening the Mange Rules & Alerts dialog returns the following error;

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4783.1000 and the updated release to version 16.0.4783.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

View: Download information for KB4461556

Update: An additional update (KB4011029) has been released this month which solves an issue with mail delivery rules stopping to work and opening the Mange Rules & Alerts dialog returns the following error;

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5093.1000 and the updated release to version 15.0.5093.1001.

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2018-8587
  Which could allow remote code execution via a specially crafted file attachment which must be opened by a user.

View: Download information for KB4461576

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7226.5000.

Security updates have been released for Exchange 2016. It resolves the following vulnerability;

• CVE-2018-8604
  A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user’s profile data.

View: Download information for KB4468741

Outlook for Office 365 (Monthly Channel) got the following new features or major changes this month;

• Zoom and stick
  Instead of adjusting Zoom each time you read a message, choose a default to use for all your messages.
• Outlook Async Move Messages
  Performing the move messages asynchronously to increase productivity for the Outlook users.
• Polished the Focused Inbox on and off experiences
  Unread email to show on all folders, not just Inbox when Focused Inbox turned off. Sort by Flag Status added. Better interaction of Focused Inbox with Search: Focused Inbox remains until a search begins. ‘Results’ text shown after a search completes.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1811 (Build 11029.20079).