HowTo-Outlook

The July feature update of Outlook for Office 365 (Monthly Channel) is now available and it comes with one major change for Outlook.

• Get email suggestions when you search for a person
  When you type a person’s name in the Search box, the most relevant email messages will be included with your search suggestions.

Word, Excel and PowerPoint also a got a couple of new features. The one that I’m quite happy about and which applies to all 3 applications is;

• No more bouncing to the browser
  You decide how links to Office documents open: in the browser or in the app.
  Files-> Options-> Advanced-> Open supported hyperlinks to Office files in Office desktop apps

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1907 (Build 11901.20176).

A new rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019 and Outlook as part of an Office 365 subscription.

It contains 6 security updates for Excel (3), Outlook (1), Skype (1) and Office (1). Details about the Outlook vulnerability;

• CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
  An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

In addition, an Outlook issue has been addressed that caused current folder search to intermittently fail.

Based on your release channel, you’ll be updated to the following version;

• Office 365, Outlook 2016 Retail, Outlook 2019 Retail
  Version 1906 (Build 11727.20244)
• Outlook 2019 Volume License
  Version 1808 (Build 10348.20020)
• Office 365 Semi Annual Channel
  Version 1902 (Build 11328.20368)
  Version 1808 (Build 10730.20360)
  Version 1803 (Build 9126.2428)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
  An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

Additionally, the holiday file (Outlook.HOL) has been updated to extend the date range to the year 2026 for many events. To update your holidays, you’ll have to remove the current ones from your Calendar and re-import them. For more info see; Holiday updates for the Outlook Calendar.

There is also a fix for an issue where Categories that are set on items in a shared mailbox may not be synced to the server and other clients.

View: Download information for KB4475517

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4873.1000. This update does not apply to Perpetual and Office 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
  An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

Additionally, the holiday file (Outlook.HOL) has been updated to extend the date range to the year 2026 for many events. To update your holidays, you’ll have to remove the current ones from your Calendar and re-import them. For more info see; Holiday updates for the Outlook Calendar.

View: Download information for KB4464592

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5153.1000.

A Security Update has been released for Outlook 2010. It resolves the following vulnerability;

• CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
  An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.

View: Download information for KB4475509

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7235.5000.

Security updates have been released for Exchange 2010, Exchange 2013, Exchange 2016 and Exchange 2019.

• CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability (All)
  An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
• CVE-2019-1136: Microsoft Exchange Server Elevation of Privilege Vulnerability (Exchange 2010/2013/2016)
  An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability requires Exchange Web Services (EWS) to be enabled and in use in an affected environment. To exploit the vulnerability, an attacker would need to execute a man-in-the-middle attack to forward an authentication request to a Microsoft Exchange Server, thereby allowing impersonation of another Exchange user. To address this vulnerability, Microsoft has changed the way EWS handles NTLM tokens.
• CVE-2019-1137: Microsoft Exchange Server Spoofing Vulnerability (Exchange 2013/2016/2019)
  A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the Exchange server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Exchange Server properly sanitizes web requests.

View: Description of the security update for Microsoft Exchange Server 2010: July 9, 2019
View: Description of the security update for Microsoft Exchange Server 2013 and 2016: July 9, 2019
View: Description of the security update for Microsoft Exchange Server 2019: July 9, 2019
Download: Update Rollup 29 For Exchange 2010 SP3 (KB4509410)
Download: Security Update For Exchange Server 2013 CU23 (KB4509409)
Download: Security Update For Exchange Server 2016 CU12 (KB4509409)
Download: Security Update For Exchange Server 2016 CU13 (KB4509409)
Download: Security Update For Exchange Server 2019 CU1 (KB4509408)
Download: Security Update For Exchange Server 2019 CU2 (KB4509408)

The June feature update of Outlook for Office 365 (Monthly Channel) is now available and it comes with many big changes a lot of you have been waiting for.

In Version 1906, there are some major visual updates and also a variety of options to modify the user interface;

• We’ve updated the Outlook user experience for you
  A simplified experience, previously available for preview with Coming Soon, designed to help you focus on what matters most.
• A simplified ribbon that’s customizable, too
  Enjoy a streamlined, single row of the most frequently used buttons also knows as the Single Line Ribbon. Easily switch between classic and Simplified views, and pin/unpin commands.
• Pick your favorite action
  Don’t use Flag and Delete? How about Archive or Mark as Read? Customize the quick action menu with the commands you use most.
  To configure; Right click on a message in the message list and choose; Set Quick Actions…
• Improved shared folder synchronization for mailboxes with many folders
  For years Outlook has been limited to a maximum of 500 folders when synchronizing shared mailboxes. With this change Outlook has been improved to sync in a way that will no longer encounter this 500 folder limit.
• Focused Inbox settings remain the same across devices
  Your Focused Inbox preferences are now stored in the cloud. Enjoy the same experience when you use Outlook for Windows on any computer and Outlook on the web.
• Relaxed or tighter layout? You choose
  Tighter Spacing lets you decide if you want more space between items, or a tighter layout to see more (some of you may have had it in Version 1905 already).
  You can toggle this option via; View-> Use Tighter Spacing
  This will not only affect your message list, but also the To, From, Cc, Bcc and Subject fields as well as the other fields you get when creating an Appointment or Meeting.
• Ink in Your Email!
  You can now draw and annotate pictures in your Outlook emails. On touch-enabled devices, this feature is enabled by default and you’ll see a new Draw tab, between the Insert and Options tab, when composing an email in its own window.

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1906 (Build 11727.20210).

Cumulative Update 2 for Exchange 2019 is now available. It contains 1 new documented security updates and 16 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2019 and the latest DST updates.

Notable improvements, changes and fixes are;

• Decreasing Exchange Rights in the Active Directory
  There is now a Deny ACE on the DNS Admins group and the ability for Exchange to assign Service Principal Names (SPN’s) has been removed.
• Support for .NET Framework 4.8
  The minimum .NET requirement remains 4.7.2 and .NET 4.8 will required with the December 2019 update.
• Controlled Connections to Public Folders in Outlook
  Admins have control over which users will see public folders in their Outlook clients.
• Authentication Policies Update
  You can define a default authentication policy at Organization level to disable legacy authentication protocols.
• KB4503027 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU1 as well.
• KB4488396: Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
• KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2019 hybrid environment.

Additionally, the Exchange Team announced that they will not make any investments into support of Modern Authentication in on-premises Exchange without a hybrid deployment.

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in September 2019.

Download: Cumulative Update 2 for Exchange Server 2019 (KB4488401) (from MVLC)
View: Description of Cumulative Update 2 for Exchange Server 2019
View: Blog post of the Exchange Team about CU2 for Exchange Server 2019

Cumulative Update 13 for Exchange 2016 is now available. It contains 1 new documented security updates and 14 additional documented new fixes or improvements, as well as all previously released fixes and security updates for Exchange 2016 and the latest DST updates.

Notable improvements, changes and fixes are;

• Decreasing Exchange Rights in the Active Directory
  There is now a Deny ACE on the DNS Admins group and the ability for Exchange to assign Service Principal Names (SPN’s) has been removed.
• Support for .NET Framework 4.8
  The minimum .NET requirement remains 4.7.2 and .NET 4.8 will required with the December 2019 update.
• Controlled Connections to Public Folders in Outlook
  Admins have control over which users will see public folders in their Outlook clients.
• KB4503027 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU13 as well.
• KB4488396: Can’t search any results in manually added shared mailbox in Outlook in Exchange Server 2016
• KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2016 hybrid environment

This release includes no new updates to the Active Directory Schema.
The next planned quarterly update is in September 2019.

Download: Cumulative Update 13 for Exchange Server 2016 (KB4488406)
Download: Exchange Server 2016 CU13 UM Language Packs
View: Description of Cumulative Update 13 for Exchange Server 2016
View: Blog post of the Exchange Team about CU13 for Exchange Server 2016

Cumulative Update 23 for Exchange 2013 is now available. It contains 1 documented security update and 1 additional documented new fix or improvement, as well as all previously released fixes and security updates for Exchange 2013 and the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

• KB4502131: “TLS negotiation failed with error UnknownCredentials” error after updating TLSCertificateName on Office 365 send connector in Exchange Server 2013 hybrid environment
• KB4503028 which discusses ADV190018: Microsoft Exchange Server Defense in Depth Update. This update was released separately for CU22 as well.

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 23 for Exchange Server 2013 (KB4489622)
Download: Exchange Server 2013 CU23 UM Language Packs
View: Description of Cumulative Update 23 for Exchange Server 2013
View: Blog post of the Exchange Team about CU23 for Exchange Server 2013