HowTo-Outlook

Microsoft released the April 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 2 new features and 5 documented fixes.

• Inheritance of attachment labels to email messages
  For email messages with attachments, apply a label that matches the highest classification of those attachments.
• We added a registry key that hides the “Try the new Outlook” toggle
• Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
• Value type: REG_DWORD
• Value name: HideNewOutlookToggle
• Value: 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users.
• Value: 1 – “Try the new Outlook” toggle is hidden.
• We fixed an issue with the sensitivity label not being applied to protected messages.
• We fixed an issue where some users may be unable to view or access group email messages and calendars in the Outlook desktop client.
• We fixed an issue where the “From” field and Signatures were not working while using Google Workspace Sync for Microsoft Outlook.
• We fixed an issue where the right side of the email body was cut off when printed and in print preview.
• We fixed an issue where right clicking a folder in Outlook could cause Office applications to close unexpectedly.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2304 (Build 16327.20214).

The March security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 4 security updates for Publisher (2), Word (1), and Office (1).

In addition, it contains 3 documented non-security fixes related to Outlook Current Version 2303 (of which 2 included in last week’s interim update), 2 new features and 13 fixes for Monthly Enterprise Version 2302, and 11 fixes for Semi-Annual (Preview) Version 2302. Most notable fixes are;

• Version 2303
• We fixed an issue that caused some users to see the wrong Data Loss Prevention policy annotations in a multi-account profile.
• We fixed an issue that caused the new labels to fail to appear for some users of the Label Inheritance feature.
• We fixed an issue that caused the Suggested Replies feature to not be disabled when connected experiences are disabled.
• Version 2302
• Org Explorer
  Visualize and explore your company’s internal structure, work teams, and individual roles.
• Assign a sublabel as the default when a parent label is selected
  When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
• We fixed an issue that caused the Suggested Replies feature to not be disabled when connected experiences are disabled.
• We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.
• We fixed an issue that caused users in Government Community Cloud tenants to be unable to launch To-Do in Outlook.
• We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2303 (Build 16227.20280)
• Monthly Enterprise
  Version 2302 (Build 16130.20394)
  Version 2301 (Build 16026.20274)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20394)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20626)
  Version 2202 (Build 14931.20964) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20493)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10397.20021)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Microsoft released the March 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 4 new features which all relate to Sensitivity Labels and 7 documented fixes.

• Sensitivity Label scoping between files, emails and meetings
  Office applications can now filter out sensitivity labels based on the document type. For example, Outlook email will no longer show labels that only apply to Word, Excel, and PowerPoint documents.
• Assign a sublabel as the default when a parent label is selected
  When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
• Disable the Azure Information Protection Add-in by default
  Office apps will now automatically disable the legacy Azure Information Protection add-in and use the built-in sensitivity labels to view and apply labels powered by Microsoft Purview Information Protection.
• Enhanced discovery of sensitivity labels in Outlook
  Admins can configure sensitivity labels to appear on subject lines when composing e-mails, for enhanced user discovery. The labels icons can also be customized.
• We fixed an issue that caused users to see an empty From field drop down when their profile included an SMTP address with an asterisk in it.
• We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
• We have resolved an issue affecting users of the Label Inheritance feature, which led to incorrect sensitivity label extraction from unencrypted files when co-authoring was enabled.
• We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
• We fixed an issue that caused Outlook to close unexpectedly when opening emails with a Data Loss Prevention policy applied.
• We fixed an issue where some settings did not roam between machines when switching to Focused Inbox.
• We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2303 (Build 16227.20212).

The March security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 3 security updates for Excel (2), and Outlook (1). The details about the Outlook vulnerability can be found below;

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
  • This vulnerability is currently not publicly disclosed but it is exploited.
  • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
  • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

In addition, it contains 2 documented non-security fixes related to Outlook Current Version 2302, 1 Outlook related new feature in Word and 2 fixes for Monthly Enterprise Version 2301, and 1 fix for Semi-Annual Version 2208.

• Version 2302
• We fixed an issue that caused users in Government Community Cloud tenants to be unable to launch To-Do in Outlook.
• We fixed an issue that caused users to see an inaccurate count of the number of new notifications present when opening the notification pane.
• Version 2301
• Tag your team members with tasks
  Create and assign tasks without leaving Word. Simply add a comment, @mention your team member, press Ctrl + Enter, and check Assign. Your comment becomes a task, and your work is done!
• We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
• We fixed an issue that caused users to receive an unclear error message when sending an email to a recipient with a very large certificate.
• Version 2208
• We fixed an issue that caused Outlook to close intermittently.

Version 2302 has now also been released to the Semi-Annual Enterprise Channel (Preview) and contains 1 highlighted new feature and 12 fixes which have been made available already to the Current release channel too. The new feature is;

• Find events on your calendar faster than ever
  Improvements to the Calendar search make it faster and easier to find events, such as the next occurrence of a series.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2302 (Build 16130.20306)
• Monthly Enterprise
  Version 2301 (Build 16026.20238)
  Version 2212 (Build 15928.20298)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20306)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20578)
  Version 2202 (Build 14931.20944) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20481)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10396.20023)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

The updates fix the following vulnerabilities;

• CVE-2023-21707: Remote Code Execution Vulnerability

The vulnerability isn’t currently publicly disclosed nor exploited. However, it is rated as “Exploitation More Likely” so make sure you update as soon as possible!

In addition, the Exchange Team highlights the fix for Outlook vulnerability CVE-2023-23397, and the availability of a script to analyze whether mailboxes have been targeted by potentially malicious messages.

The updates also contain the following non-security issues;

• You can’t access Toolbox on Exchange after enabling EnableSerializationDataSigning
• EEMS stops responding after TLS endpoint certificate update
• Get-App and GetAppManifests fail and return an exception
• EWS does not respond and returns an exception
• An exception is returned while opening a template in the Exchange Toolbox

View: Exchange Blog: Released: March 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)

Download: Security Update for Exchange 2019 CU11 and CU12
Download: Security Update for Exchange 2016 CU23
Download: Security Update for Exchange 2013 CU23 (support ends on April 11, 2023)

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
  • This vulnerability is currently not publicly disclosed but it is exploited.
  • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
  • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

View: Download information for KB5002254

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5387.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
  • This vulnerability is currently not publicly disclosed but it is exploited.
  • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
  • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

View: Download information for KB5002265

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5537.1000.

Microsoft released the February 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

Unfortunately, it is yet a very uneventful release when it comes to Outlook.

Although there is nothing specified for Outlook, there are 1 feature and 1 fix mentioned for other Office apps which are Outlook/email related;

• User-defined permissions now support domain name restrictions
  When you choose a sensitivity label configured for user-defined permissions, domain names can now be used to restrict file access to all individuals from that domain.
  For example, you can specify “someone@example.com” or “@example.com,” and permissions will be restricted based on either the individual or all individuals within the example domain. (Word, Excel, and PowerPoint)

• We fixed an issue that when clicking on an email notification with @mention in a comment, caused Excel to close unexpectedly if the workbook was already open and was in a hidden window.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2302 (Build 16130.20218).

The February security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 3 security updates for Word (1), Publisher (1), and Office (1).

In addition, it contains 1 documented non-security fix related to Outlook Current Version 2301, 5 fixes for Semi-Annual Version 2208, 1 fix for Semi-Annual Version 2202, and 1 fix for Semi-Annual Version 2108.

• Version 2301
• We fixed an issue that caused users to experience the application to close unexpectedly when clicking on some non-HTTP links.
• Version 2208
• We fixed an issue that caused S/MIME users to receive an NDR when selecting the “Send Unencrypted” option.
• We fixed an issue that caused users to experience crashes at unpredictable intervals when using some add-ins.
• We fixed an issue where the time slots of calendars in side-by-side view do not line up correctly.
• We fixed an issue that caused attachment size limits to not be evaluated when drag/dropping an attachment into a mail message.
• Fixed an issue where a dialog box saying “Trying to connect” would appear for multiple minutes while trying to save email attachments to a network share.
• Version 2202
• We fixed an issue that caused users to experience crashes at unpredictable intervals when using some add-ins.
• Version 2108
• We fixed an issue where references and reply-to headers were removed when replying to an email and the subject was changed.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2301 (Build 16026.20200)
• Monthly Enterprise
  Version 2212 (Build 15928.20282)
  Version 2211 (Build 15831.20280)
• Semi-Annual Enterprise (Preview)
  Version 2208 (Build 15601.20538)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20538)
  Version 2202 (Build 14931.20926)
  Version 2108 (Build 14326.21336) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20461)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10395.20020)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

The updates fix the following vulnerabilities;

• CVE-2023-21529: Remote Code Execution Vulnerability
• CVE-2023-21706: Remote Code Execution Vulnerability
• CVE-2023-21707: Remote Code Execution Vulnerability
• CVE-2023-21710: Remote Code Execution Vulnerability

None of the vulnerabilities are currently publicly disclosed or exploited. However, the first 3 vulnerabilities are rated as “Exploitation More Likely” so make sure you update as soon as possible!

The updates also contain the following non-security issues;

• Export-UMPrompt fails with InvalidResponseException
• Edge Transport service returns an “EseNtOutOfSessions” Exception
• Exchange services in automatic startup mode do not start automatically
• Data source returns incorrect checkpoint depth
• Serialization fails while tried accessing Mailbox Searches in ECP
• Transport delivery service mishandles iCAL events

View: Exchange Blog: Released: February 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: February 14, 2023 (KB5023038)

Download: Security Update for Exchange 2019 CU11 and CU12
Download: Security Update for Exchange 2016 CU23
Download: Security Update for Exchange 2013 CU23 (support ends on April 11, 2023)