Outlook 2010 Security Update for February 2020

News

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

  • CVE-2020-0696: Microsoft Outlook Security Feature Bypass Vulnerability
    A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability, to take advantage of the security feature bypass vulnerability and run arbitrary code.
    To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URI with an affected version of Microsoft Outlook software.
    The security update addresses the vulnerability by correcting how Microsoft Outlook handles the parsing of URI formats.

View: Download information for KB4484163

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7245.5000.


 


Exchange 2019, 2016, 2013 and 2010 Security Updates for February 2020

News

Security updates have been released for Exchange 2010, Exchange 2013, Exchange 2016 and Exchange 2019.

  • CVE-2020-0688: Microsoft Exchange Validation Key Remote Code Execution Vulnerability
    A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time.
    Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.
    The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.
  • CVE-2020-0692: Microsoft Exchange Server Elevation of Privilege Vulnerability
    An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users.
    Exploitation of this vulnerability requires Exchange Web Services (EWS) to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to change parameters in the Security Access Token and forward it to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user.
    To address this vulnerability, Microsoft has changed the way EWS handles these tokens.
    This vulnerability does not apply to Exchange 2010.

The updates for Exchange 2010 and Exchange 2013 also contain the following fix;

  • KB4540267: MSExchangeDelivery.exe or EdgeTransport.exe crashes in Exchange Server 2013 and Exchange Server 2010

View: Description of the security update for Microsoft Exchange Server 2019 and 2016: February 11, 2020
View: Description of the security update for Microsoft Exchange Server 2013: February 11, 2020
View: Description of the security update for Microsoft Exchange Server 2010: February 11, 2020
Download: Security Update For Exchange Server 2019 Cumulative Update 4 (KB4536987)
Download: Security Update For Exchange Server 2019 Cumulative Update 3 (KB4536987)
Download: Security Update For Exchange Server 2016 Cumulative Update 15 (KB4536987)
Download: Security Update For Exchange Server 2016 Cumulative Update 14 (KB4536987)
Download: Security Update For Exchange Server 2013 CU23 (KB4536988)
Download: Update Rollup 30 for Exchange Server 2010 SP3 (KB4536989)


Outlook for Office 365 Feature Update for January 2020

News

Microsoft has just released the January feature update of Outlook for Office 365 (Monthly Channel) and it comes with 2 new features for Outlook.

  • Advanced group email settings
    This feature helps groups users to customize which emails or events to receive/follow in their inbox.
  • Groups Naming policy
    A group naming policy enables the IT admin to standardize and manage the names of groups created by users in the organization. The admin can require a specific prefix and suffix be added to the name for a group when it’s created, and can block specific words from being used. This helps minimize the use of inappropriate words in group names as well as IT manage the representation of groups in their directory. Naming Policy also helps organizations that deploy team sites to categorize them based on department.

It also contains the following notable fix;

  • Addresses an issue that caused users to experience crashes when renaming a signature.

Additionally, the Upload Center is being replaced by the Files Needing Attention experience that will show up inside the Office applications under File > Open. This new experience is more modern, integrated, and less intrusive compared to the Upload Center.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2001 (Build 12430.20184).


MAPILab
Use "4PM76A8" to get a discount when ordering!

Outlook 2016 / 2019 / 365 Update for January 2020

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 4 security updates for Excel (3) and Office (1).

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1912 (Build 12325.20298)
  • Office 365 Semi Annual (Targeted)
    Version 1908 (Build 11929.20562)
  • Office 365 Semi Annual
    Version 1908 (Build 11929.20562)
    Version 1902 (Build 11328.20512)
    Version 1808 (Build 10730.20432)
  • Outlook 2019 Volume License
    Version 1808 (Build 10354.20022)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.


Outlook for Office 365 Feature Update for December 2019

News

We are already a good few days into the New Year but due to the holidays, Microsoft still hadn’t released the December feature update of Outlook for Office 365 (Monthly Channel); Well, they have now and it comes with 1 new feature for Outlook.

  • Send accessible mail to those who need it most
    Outlook will display a mail tip to help you ensure that your content is accessible when sending to a user who prefers accessible content.

There are also several notable fixes;

  • Addresses an issue that caused the location of a meeting to get added back to the meeting unexpectedly after clearing it.
  • Addresses an issue that caused users to see a noticeable delay when interacting with their mailbox folders through keyboard shortcuts.
  • Addresses an issue that caused users to see emails sent to an address that did not match the displayed SMTP address in some circumstances.
  • Addresses an issue that caused users to experience hangs in Outlook when retrieving Cloud Settings.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 1912 (Build 12325.20288).


Outlook 2016 (MSI) Update for January 2020

News

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented improvements fixes.

  • When an email message that has a signed email message as an attachment is also signed, Outlook breaks the digital signature of the attached message.
  • This update changes the default signature hash algorithm for Secure/Multipurpose Internet Mail Extensions (S/MIME) messages and enables administrators to manage it by setting the UseAlternateDefaultHashAlg registry key.
  • Memory leaks occur when toast notifications are enabled.
  • When the display size is scaled to more than 100 percent in Windows 10, mailbox elements are not displayed correctly in the additional mailboxes list box on the Advanced tab in Microsoft Exchange dialog box. Additionally, it is difficult to recognize them.
  • When the weather service isn’t available, Outlook doesn’t stop making service calls after it receives an HTTP 404 error. This causes a heavy network load.

View: Download information for KB4484212

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4954.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


Exchange 2019 CU4

News

Cumulative Update 4 for Exchange 2019 is now available. It contains 1 security update and 12 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

Notable improvements, changes and fixes are;

  • .NET Framework 4.8 is now required.
  • Cumulative Update 4 includes a significant update to the Exchange 2019 sizing calculator. Version 10.3 of the calculator includes improvements to calculations and default settings which allow for better and smoother utilization of disk resources.
  • KB4532747: Address list separation not working for a user without a mailbox in Exchange Server 2019.
  • KB4528690: Can’t move or delete folder in Outlook online mode if the destination has a folder with the same name in Exchange Server 2019.
  • KB4528694: Can’t open .ics file in Outlook on the web in Exchange Server 2019
  • KB4523171: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019 which discusses CVE-2019-1373. This update was released separately for CU3 as well.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in March 2020. 

Download: Cumulative Update 4 for Exchange Server 2019 (KB4522149) (from MVLC)
View: Description of Cumulative Update 4 for Exchange Server 2019
View: Blog post of the Exchange Team about CU4 for Exchange Server 2019


Exchange 2016 CU15

News

Cumulative Update 15 for Exchange 2016 is now available. It contains 1 security update and 13 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

Notable improvements, changes and fixes are;

  • .NET Framework 4.8 is now required.
  • KB4532747: Address list separation not working for a user without a mailbox in Exchange Server 2016.
  • KB4528690: Can’t move or delete folder in Outlook online mode if the destination has a folder with the same name in Exchange Server 2016.
  • KB4528694: Can’t open .ics file in Outlook on the web in Exchange Server 2016
  • KB4523171: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019 which discusses CVE-2019-1373. This update was released separately for CU14 as well.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in March 2020. 

Download: Cumulative Update CU15 for Exchange Server 2016 (KB4522150)
Download: Exchange Server 2016 CU15 UM Language Packs
View: Description of Cumulative Update 15 for Exchange Server 2016
View: Blog post of the Exchange Team about CU15 for Exchange Server 2016


Outlook 2016 / 2019 / 365 Update for December 2019

News

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 5 security updates for Excel (1), PowerPoint (1), Word (1) and Office (2). In addition, it contains 1 documented non-security fix for Outlook Monthly, 3 for Semi-Annual (Targeted) 1908, 2 for Semi-Annual 1902 and 1 for Semi-Annual 1808.

  • Monthly and Semi-Annual (Targeted) 1908: Addresses an issue that caused web add ins to access Digital Rights Managed messages.
  • Semi-Annual (Targeted) 1908: Corrected an issue with SMIME algorithm selection.
  • Semi-Annual (Targeted) 1908: Addressed an issue that caused users to see a “The rules on this computer do not match the rules on Microsoft Exchange” prompt when opening the Rules dialog.
  • Semi-Annual 1902: Addresses an issue that caused customers to encounter a crash when attempting to create a rule from a “missed conversation” message.
  • Semi-Annual 1902 and 1808: Calendar items for next year may display an incorrect time in Outlook. This update enables Outlook to override certain time zone settings that are used by Outlook. In order to override a time zone, you must set the TimeZoneOverride registry key for the current user

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1911 (Build 12228.20364)
  • Office 365 Semi Annual (Targeted)
    Version 1908 (Build 11929.20516)
  • Office 365 Semi Annual
    Version 1902 (Build 11328.20492)
    Version 1808 (Build 10730.20426)
  • Outlook 2019 Volume License
    Version 1808 (Build 10353.20037)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installation of Office 2016.


Outlook 2016 (MSI) Update for December 2019

News

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains the following documented fix.

  • When you use the Brasilia time zone in the year 2019, recurring meetings and appointments are displayed in the wrong time slot for the year 2020. This update is relevant to Outlook that’s set in the Brasilia time zone or to meetings and appointments that are set in that time zone.
  • This update enables Outlook to override certain time zone settings that are used by Outlook. In order to override a time zone, you must set the TimeZoneOverride registry key for the current user.

View: Download information for KB4484172

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4939.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.