Outlook 2016 (MSI) Security Update for July 2023

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerabilities;

  • CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Less Likely.
  • CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
    • This vulnerability is currently not publicly disclosed but it is being exploited already.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Detected.

View: Download information for KB5002427

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5404.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.


Sperry Software
Use "BH93RF24" to get a discount when ordering!

Outlook 2013 Security Update for July 2023

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerabilities;

  • CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Less Likely.
  • CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
    • This vulnerability is currently not publicly disclosed but it is being exploited already.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Detected.

View: Download information for KB5002432

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5571.1000.


Outlook for Microsoft 365 Apps Feature Update for June 2023

News

Microsoft released the June 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This time there are 1 new feature and 2 documented fixes.

  • Block emails with sensitive labels
    Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.
  • We fixed an issue where the Me control showed the wrong display name in Office apps.
  • We fixed an issue where doing a mail merge would display the error, “Microsoft Word is required to run the Mail Merge Wizard”.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2306 (Build 16529.20154).


Outlook 365 / 2021 / 2019 / 2016 Update for June 2023

News

The June security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 5 security updates for Excel (3), and Office (2).

In addition, it contains 1 new feature and 7 non-security fixes for Monthly Enterprise Version 2304, 2 fixes for Monthly Enterprise Version 2303, and 4 fixes for Semi-Annual (Preview) Version 2302.

  • Version 2304
    • Sensitivity Label scoping between files, emails and meetings
      Office applications can now filter out sensitivity labels based on the document type. For example, Outlook email will no longer show labels that only apply to Word, Excel, and PowerPoint documents.
    • We fixed an issue where the “From” field and Signatures were not working while using Google Workspace Sync for Microsoft Outlook.
    • We fixed an issue where the links associated with known issues were not shown to customers who were using the Contact Support feature.
    • We fixed an issue where Outlook would close unexpectedly when Microsoft 365 apps in the Navigation Pane were closed.
    • We fixed an issue where some users may be unable to view or access group email messages and calendars in the Outlook desktop client.
    • We fixed an issue with the sensitivity label not being applied to protected messages.
    • We fixed an issue that caused users of the Event-Based feature to be unable to utilize some of the new APIs included in Mailbox Requirement Set 1.13.
  • Version 2304, 2303 and 2302
    • We fixed an issue where drafting a new email and @mentioning an Outlook contact group (a contact group that is created locally) in the email body wouldn’t add the contact group to the ‘To’ field.
  • Version 2303 and 2303
    • We fixed an issue where users couldn’t see the sensitivity label applied to an email on louder label anchor when the label wasn’t included in their label policy.
  • Version 2302
    • We fixed an issue where Outlook would close unexpectedly when forwarding a large email with an SVG file if “Spell check before sending” was enabled.
    • We fixed an issue where the Organization tab of people cards was stuck in a “Loading” state indefinitely.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
    Version 2305 (Build 16501.20210)
  • Monthly Enterprise
    Version 2304 (Build 16327.20324)
    Version 2303 (Build 16227.20354)
  • Semi-Annual Enterprise (Preview)
    Version 2302 (Build 16130.20580)
  • Semi-Annual Enterprise
    Version 2208 (Build 15601.20680)
    Version 2202 (Build 14931.21024) 
  • Outlook LTSC 2021
    Version 2108 (Build 14332.20517)
  • Outlook 2019 Volume Licensed
    Version 1808 (Build 10399.20000)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Exchange 2019 and 2016 Security Updates for June 2023

News

Security updates have been released for Exchange 2016 and Exchange 2019. There is no security update for Exchange 2013 as support ended on April 11, 2023.

The updates fix the following vulnerabilities;

Both vulnerabilities aren’t currently publicly disclosed nor exploited. However, they are rated as “Exploitation More Likely” so make sure you update as soon as possible!

The updates also contain the following non-security issues;

View: Exchange Blog: Released: June 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019: June 13, 2023 (KB5026261)
View: Description of the security update for Microsoft Exchange Server 2016: June 13, 2023 (KB5025903)

Download: Security Update for Exchange 2019 CU12 and CU13
Download: Security Update for Exchange 2016 CU23.


Outlook 2016 (MSI) Security Update for June 2023

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2023-33131: Microsoft Outlook Remote Code Execution Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user opens a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002387

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5395.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.


Outlook 2013 Security Update for June 2023

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

  • CVE-2023-33131: Microsoft Outlook Remote Code Execution Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user opens a specially crafted file. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002382

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5537.1000.


Outlook for Microsoft 365 Apps Feature Update for May 2023

News

With a small delay, Microsoft released the May 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 1 new feature and 4 documented fixes.

  • Accessibility Ribbon in Outlook for Windows
    The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
  • We fixed an issue that caused users to see the error, “We cannot render Actionable Messages right now” when reading some email messages.
  • We fixed an issue where Outlook would close unexpectedly when Microsoft 365 apps in the Navigation Pane were closed.
  • We fixed an issue where the application would close unexpectedly when searching using dates.
  • We fixed an issue where the links associated with known issues were not shown to customers who were using the Contact Support feature.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2305 (Build 16501.20196).


Outlook 365 / 2021 / 2019 / 2016 Update for May 2023

News

The May security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 4 security updates for Access (1), Excel (1), Word (1), and Office (1).

In addition, it contains 2 documented non-security fixes related to Outlook Current Version 2304, 5 new features and 12 fixes for Monthly Enterprise Version 2303, 2 fixes for Monthly Enterprise Version 2302, and 2 fixes for Semi-Annual (Preview) Version 2302. Most notable fixes are;

  • Version 2304
    • We fixed an issue that caused users of the Event-Based feature to be unable to utilize some of the new APIs included in Mailbox Requirement Set 1.13.
    • We fixed an issue where drafting a new email and @mentioning an Outlook contact group (a contact group that is created locally) in the email body wouldn’t add the contact group to the ‘To’ field.
  • Version 2303
    • Get relevant alerts with new Notifications pane
      Don’t let important information get buried in your inbox. The new Notifications pane in Outlook delivers notifications that are relevant to you in the context of your regular email. The pane gives you the ability to customize the types of notifications you wish to receive, including email and document @mentions, travel updates, deliveries, and more.
    • Prevent data leaks more easily with the new Sensitivity toolbar
      Sensitivity labels powered by Microsoft Purview Information Protection are now displayed next to the message Subject line, allowing you to easily recognize and adhere to your organization’s policies.
    • Disable the Azure Information Protection Add-in by default
      Office apps will now automatically disable the legacy Azure Information Protection add-in and use the built-in sensitivity labels to view and apply labels powered by Microsoft Purview Information Protection.
    • We added a registry key that hides the “Try the new Outlook” toggle
      • Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
      • Value type: REG_DWORD
      • Value name: HideNewOutlookToggle
      • Value: 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users.
      • Value: 1 – “Try the new Outlook” toggle is hidden.
    • Inheritance of attachment labels to email messages
      For email messages with attachments, apply a label that matches the highest classification of those attachments.
    • We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.
    • We fixed an issue where some users may be unable to view or access group email messages and calendars in the Outlook desktop client.
    • We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
    • We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
  • Version 2302
    • We fixed an issue where the “From” field and Signatures were not working while using Google Workspace Sync for Microsoft Outlook.
    • We fixed an issue that caused users to see the message body flash white when closing a message.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
    Version 2304 (Build 16327.20248)
  • Monthly Enterprise
    Version 2303 (Build 16227.20318)
    Version 2302 (Build 16130.20500)
  • Semi-Annual Enterprise (Preview)
    Version 2302 (Build 16130.20500)
  • Semi-Annual Enterprise
    Version 2208 (Build 15601.20660)
    Version 2202 (Build 14931.21000) 
  • Outlook LTSC 2021
    Version 2108 (Build 14332.20503)
  • Outlook 2019 Volume Licensed
    Version 1808 (Build 10398.20008)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Exchange 2019 CU13

News

Cumulative Update 13 for Exchange 2019 is now available. With the new release model, it is officially called; The 2023 H1 Cumulative Update (CU) for Exchange Server 2019.

Exchange 2019 CU13 includes the following major changes;

  • Enable Modern Auth for pure On-Premises Exchange users
    Support for OAuth 2.0 (also known as Modern authentication) for pure on-premises environments that use Active Directory Federated Services (AD FS) as a security token service (STS).
    To use this feature, you must be using Microsoft Outlook or any other client that supports Modern authentication by using AD FS. Currently, this feature is available only for Outlook on Windows. However, support for modern authentication will be added to other Outlook clients in the future.
    For details see; Enable Modern Auth in Exchange Server on-premises.
  • Configuration backup and restore
    Setup now backs up the most common configuration settings and then restores them to the state they were in before Setup was started. Starting with the 2023 H1 CU, Setup preserves about 70 different configuration settings across multiple files.
    For details see; Exchange Server custom configuration preservation

There are 28 additional fixes documented for this release. A few notable ones are;

  • KB5026273: Outlook configuration fails in Android or iOS
  • KB5026156: Outlook search fails in a shared On-Premises mailbox if the primary user mailbox is migrated to Exchange Online
  • KB5026267: OWA stops responding in an Exchange 2019 and 2016 coexistence topology
  • KB5026278: Mailbox migration fails after Extended Protection is enabled
  • KB5026138: Users receive reminders although the meeting reminder is set to None
  • KB5026139: You can’t move the public folder mailbox

This release does not include new updates to the Active Directory Schema for Exchange 2019.

The next planned Cumulative Update for Exchange 2019 is in September 2023.

Exchange 2019: CU13 KB5020999Download
View: Blog post of the Exchange Team about CU13 for Exchange Server 2019

Note: Exchange 2016 has reached its Extended Support phase and CU23 was the last CU for it. This means that from now on, it will only receive Security Updates.