Outlook 2016 / 2019 / 365 Update for July 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of a Microsoft 365 subscription.

It contains 8 security updates for Excel (1), Outlook (1), Project (1), Word (4) and Office (1). Details about the Outlook vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

In addition, it contains 1 documented non-security fix for Outlook Current, 1 feature and 10 fixes for Monthly Enterprise 2005, 12 for Semi-Annual (Preview) 2002 and 44 for Semi-Annual 1908. Most notable fixes are;

  • Version 2006 and 2002
    Addressed an issue that caused users to be unable to save OneDrive attachments from outside their tenant to their local computer when selecting the “Save” option on the security dialog.
  • Version 2005 – Better results—in a jiffy
    We’ve updated the Search experience to make it smarter, faster, and more reliable than ever.
  • Version 2005
    Addresses an issue that caused users to see Outlook continuously prompt them to run the Inbox Repair tool.
  • Version 2005, 2002 and 1908
    Addresses an issue that caused users to see the “The rules on this computer do not match the rules on Microsoft Exchange” message when updating their rules in Outlook.
  • Version 2002
    Addressed an issue that caused recurring appointments or meetings to be displayed at the wrong time when approaching a timezone definition change.
  • Version 2002
    Addressed an issue that caused delegates to receive an error when editing an existing calendar appointment on a manager’s calendar.
  • Version 1908
    This updates the attachment blocking logic in Outlook to also block Python attachments.
  • Version 1908
    Addresses an issue that caused Outlook users to get stuck in the “Needs Password” state in certain scenarios.

Version 2002 has now also been released to the Semi-Annual Enterprise Channel and contains 12 highlighted new features and 61 fixes which have already been made available to the other release channels.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 2006 (Build 13001.20384)
  • Office 365 Monthly Enterprise
    Version 2005 (Build 12827.20538)
    Version 2004 (Build 12730.20602)
  • Office 365 Semi-Annual Enterprise (Preview)
    Version 2002 (Build 12527.20880)
  • Office 365 Semi-Annual Enterprise
    Version 2002 (Build 12527.20880)
    Version 1908 (Build 11929.20904)
    Version 1902 (Build 11328.20624)
  • Outlook 2019 Volume License
    Version 1808 (Build 10363.20015)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to MSI-based installations of Office 2016.
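
To confirm that a Click-to-Run installation actually received the July 2020 build for its channel, the installed version can be compared against the list above. The following is an added example, not part of the original post; the function name is hypothetical and the registry location of the Click-to-Run version is an assumption.

```powershell
# Added example: minimum July 2020 Click-to-Run builds, copied from the list above.
# Key = build branch, the third field of 16.0.<branch>.<revision>.
$July2020Builds = @{
    13001 = @{ Version = '2006'; MinRevision = 20384 }
    12827 = @{ Version = '2005'; MinRevision = 20538 }
    12730 = @{ Version = '2004'; MinRevision = 20602 }
    12527 = @{ Version = '2002'; MinRevision = 20880 }
    11929 = @{ Version = '1908'; MinRevision = 20904 }
    11328 = @{ Version = '1902'; MinRevision = 20624 }
    10363 = @{ Version = '1808'; MinRevision = 20015 }
}

function Test-OutlookJuly2020Build {    # hypothetical helper name
    [CmdletBinding()]
    param(
        # For example '16.0.12527.20880'; when omitted, read from the local registry.
        [string]$InstalledVersion
    )

    if (-not $InstalledVersion) {
        # Assumed location of the Click-to-Run version; absent on MSI installs,
        # which are patched separately (see the MSI post for KB4484433).
        $key = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
        $cfg = Get-ItemProperty -Path $key -Name VersionToReport -ErrorAction SilentlyContinue
        if (-not $cfg) {
            return [pscustomobject]@{ Installed = $null; Version = $null
                                      Required = $null; Status = 'NotClickToRun' }
        }
        $InstalledVersion = $cfg.VersionToReport
    }

    $v = [version]$InstalledVersion
    $newestBranch = ($July2020Builds.Keys | Measure-Object -Maximum).Maximum
    $entry = $July2020Builds[$v.Build]
    $required = $null

    if ($entry) {
        # Same branch as a July build: the revision decides.
        $required = '16.0.{0}.{1}' -f $v.Build, $entry.MinRevision
        $status = if ($v.Revision -ge $entry.MinRevision) { 'Patched' } else { 'MissingJulyUpdate' }
    } elseif ($v.Build -gt $newestBranch) {
        $status = 'NewerThanListed'      # released after this post
    } else {
        # Older branch with no July build in the list (for example a version that
        # dropped out of the channel list, or last month's Volume License build).
        $status = 'NoJulyBuildListed'
    }

    [pscustomobject]@{ Installed = $InstalledVersion; Version = $entry.Version
                       Required = $required; Status = $status }
}

# Constructed sample inventory: the July 2006 build plus two June builds.
'16.0.13001.20384', '16.0.12527.20720', '16.0.10361.20002' |
    ForEach-Object { Test-OutlookJuly2020Build -InstalledVersion $_ }
```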


Outlook 2016 (MSI) Security Update for July 2020

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

This update also contains 4 additional fixes or improvements for non-security issues;

  • Improves translations in the German version of Outlook 2016.
  • Fixed: Internet Message Access Protocol (IMAP) users see Outlook stop syncing new email messages until they restart Outlook.
  • Fixed: Users who are changing items on a manager’s shared calendar may receive the following error message: “The operation cannot be performed because the message has been changed.”
  • Fixed: Users experience crashes when they open .msg and .oft files after they apply a recent Windows update.

View: Download information for KB4484433

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5017.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


Outlook 2013 Security Update for July 2020

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

View: Download information for KB4484363

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5257.1000.


Outlook 2010 Security Update for July 2020

News

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

  • CVE-2020-1349: Microsoft Outlook Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
    Note that the Preview Pane is an attack vector for this vulnerability.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

View: Download information for KB4484382

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7248.5000.


Outlook for Microsoft 365 Apps Feature Update for June 2020

News

On the last day of June Microsoft released the June feature update of Outlook for Microsoft 365 Apps in the Current Channel (previously known as the Office 365 Monthly Channel).

It comes with 3 new features for Outlook and 5 highlighted fixes (of which 4 were also included in last week’s bug fix release for Version 2005).

  • New option to disable @ mention suggestions when composing mail in Outlook
    Do you find the @ mention picker more annoying than useful? Now you can turn it off if you prefer.
    File -> Options -> Mail -> section: Send Messages -> Suggest names to mention when I use the @ symbol in a message.
  • Incident Notification for IT Admins
    Microsoft 365 tenant global administrators and Office Apps Administrators will be notified about Outlook and O365 Exchange incidents affecting their users with a new right-side panel notification in Outlook for Windows.
  • Additional buttons added to Outlook toast notifications
    Quick Action buttons now appear in Outlook toast notifications when running Outlook on Windows 10.

  • Addressed an issue that caused users to see the creation date of attachments that they copied to their file system via drag and drop getting set to January 1, 4501.
  • Addressed an issue that caused users of the Shared Calendar improvements to see calendar failures.
  • Addressed an issue that caused users to see Outlook continuously prompt them to run the Inbox Repair tool.
  • Addressed an issue that caused Ctrl+click to stop working when cloud settings were enabled.
  • Addressed an issue that caused searching for a feature in Suggest a Feature to return no results and leave the user with no option to submit a new feature idea.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2006 (Build 13001.20266).


Outlook for Office 365 Bug Fix Update for June 2020

News

A Bug Fix update has been released for Outlook for Microsoft 365 (Current Channel) and it comes with 7 highlighted fixes for Outlook and another 7 for other Office Apps that are part of Microsoft 365.

The following issues have been resolved in Outlook;

  • Addressed an issue where Outlook failed to enable Data Loss Protection policy tips for users who had paid for the service and are on M365 Business Plus plans.
  • Addressed an issue that caused users to see the creation date of attachments that they copied to their file system via drag and drop getting set to January 1, 4501.
  • Addressed an issue that caused users to see the “The rules on this computer do not match the rules on Microsoft Exchange” message when updating their rules in Outlook.
  • Addressed an issue that caused users of the Shared Calendar improvements to see calendar failures.
  • Addressed an issue that caused users to experience intermittent hangs and crashes in some scenarios.
  • Addressed an issue that caused users to see Outlook continuously prompt them to run the Inbox Repair tool.
  • Addressed an issue that caused searching for a feature in Suggest a Feature to return no results and leave the user with no option to submit a new feature idea.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2002 (Build 12827.20470).


Exchange 2019 CU6 and Exchange 2016 CU17

News

Cumulative Update 6 for Exchange 2019 is now available, as well as Cumulative Update 17 for Exchange 2016.

They both contain the same 13 documented new fixes or improvements, as well as all previously released fixes and security updates for their respective Exchange version and the latest DST updates.

Notable improvements, changes and fixes are;

  • KB4559444: Conversion from HTML to RTF removes non-breaking space.
  • KB4547707: Enable piping for Restore-RecoverableItems.
  • KB4559446: Changes to Outlook on the web blocked file extensions and MIME types.
  • KB4559439: EAS creates failure report if a message with unknown recipients is in Drafts.
  • KB4559440: Export to a PST for an eDiscovery search fails.
  • KB4549689: Hybrid Modern Authentication (HMA) EvoSTS certificate rollover causes authentication prompts due to stalled key on worker process spawn (warmup phase).

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in September 2020.

Exchange 2019: CU6 KB4556415 | VLSC Download
Exchange 2016: CU17 KB4556414 | Download | UM Language Pack
View: Blog post of the Exchange Team about CU6 for Exchange Server 2019 and CU 17 for Exchange 2016.


Outlook 2016 / 2019 / 365 Update for June 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 5 security updates for Excel (2), Outlook (1), Project (1) and Office (1). Details about the Outlook vulnerability;

  • CVE-2020-1229: Microsoft Outlook Security Feature Bypass Vulnerability
    A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker. Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user.
    The update addresses the vulnerability by changing how remote images are processed in Outlook.

In addition, it contains 5 documented new features and 6 fixes for Monthly Enterprise 2004, 4 for Semi-Annual (Targeted) 2002 and 1 for Semi-Annual 1908. Most notable fixes are;

  • Version 2004 – A smarter To: line
    When you click the To: line to address a message, we suggest recipients you’re likely to choose. Plus, you can see their picture, so you know you’re sending to the right person.
  • Version 2004 – Calendar gets a makeover
    See visual updates that make your calendar easier to scan.
  • Version 2004
    Addresses an issue that caused users to experience a crash when displaying toast notifications.
  • Version 2002
    Enables joining a Teams meeting directly through the native Teams client.
  • Version 2002
    Addressed an issue where users with an incorrect browser emulation setting were unable to complete the authentication prompt for Gmail.
  • Version 2002
    Addressed an issue that caused Outlook users on server operating systems to see the error, “Antivirus status: Invalid. This version of Windows supports antivirus detection, but no antivirus was found” despite having antivirus properly configured.
  • Version 1908
    Addressed an issue that caused users to see message body truncation when forwarding large HTML messages.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 2005 (Build 12827.20336)
  • Office 365 Monthly Enterprise
    Version 2004 (Build 12730.20430)
    Version 2003 (Build 12624.20708)
  • Office 365 Semi Annual (Targeted)
    Version 2002 (Build 12527.20720)
  • Office 365 Semi-Annual
    Version 1908 (Build 11929.20838)
    Version 1902 (Build 11328.20602)
  • Outlook 2019 Volume License
    Version 1808 (Build 10361.20002)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to MSI-based installations of Office 2016.


Outlook 2016 (MSI) Security Update for June 2020

News

A Rollup Update has been released for Outlook 2016 as well as a Security Update for Word 2016 which also affects Outlook.

Word’s Security update resolves the following vulnerability;

  • CVE-2020-1229: Microsoft Outlook Security Feature Bypass Vulnerability
    A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker. Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user.
    The update addresses the vulnerability by changing how remote images are processed in Outlook.

View: Download information for KB4484396

Outlook’s non-security update contains the following documented improvements and fixes.

  • Improves Japanese translation for the Chinese holiday ‘Winter Solstice’ in the Japanese version of Outlook.
  • If you save an attachment in an email message, the folder that the attachment was saved in will not be deleted until you close Outlook.
  • Addresses an issue that causes users to see shared folders disappear from their Favorites list when Outlook starts in an offline state.
  • Addresses an issue that causes some users to experience an intermittent crash of Outlook.

View: Download information for KB4484398

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5017.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


Outlook 2013 Security Update for June 2020

News

A Security Update has been released for Word 2013 which affects Outlook 2013. It resolves the following vulnerability;

  • CVE-2020-1229: Microsoft Outlook Security Feature Bypass Vulnerability
    A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker. Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user.
    The update addresses the vulnerability by changing how remote images are processed in Outlook.

View: Download information for KB4484361

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5249.1000.