Outlook 2016 / 2019 / 365 Security Update for November 2018

News

A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It resolves the following 6 vulnerabilities;

  • CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576
    Which could allow remote code execution via a specially crafted Office file.
  • CVE-2018-8582
    Which could allow remote code execution when importing a specially crafted rwz-file (rules export).
  • CVE-2018-8558 and CVE-2018-8579
    Which could lead to information disclosure as users could share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

Based on your release channel, you’ll be updated to the following version;

  • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
    Version 1810 (Build 11001.20108)
  • Outlook 2019 Volume License
    Version 1808 (Build 10338.20019)
  • Office 365 Semi Annual Channel
    Version 1803 (Build 9126-2315)

Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.


 


Outlook 2016 (MSI) Security Update for November 2018

News

A Security Update has been released for Outlook 2016. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

This update also contains additional fixes for 13 non-security issues. Most notable are;

  • When you switch between Mail and Calendar, Outlook 2016 crashes.
  • When you reply to or forward an internal email message, the email address is not displayed in the message body. Only the display name is displayed.
  • When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and UPN in a user’s Outlook profile file aren’t changed.
  • When you reply to an Information Rights Management (IRM)-protected email message, you receive the following error message:
    • The operation failed. The messaging interfaces have returned an unknown error. If the problem persists, restart Outlook. [OK].
  • This update allows you to hide the retention policy User Interface (UI). via the SuppressRetentionPolicyUI Registry key.
  • This update enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

View: Download information for KB4461506

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4756.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


    Outlook 2013 Security Update for November 2018

    News

    A Security Update has been released for Outlook 2013. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

    This update also contains additional fixes for 4 non-security issues.

    • When the primary email address and User Principal Name (UPN) are changed in Active Directory or Azure Active Directory, the old SMTP address and the UPN in a user’s Outlook profile file are not changed. 
    • You can’t switch between accounts on a custom form by using the Accounts button.
    • When running Outlook in online mode, “Cc” recipients may not appear in the email message.
    • This update also enables support for TLS version 1.2 for IMAP, POP, and SMTP connections.

    View: Download information for KB4461486

    Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5085.1000.


    Sperry Software
    Use "BH93RF24" to get a discount when ordering!

    Outlook 2010 Security Update for November 2018

    News

    A Security Update has been released for Outlook 2010. It resolves the vulnerabilities mentioned in CVE-2018-8522, CVE-2018-8524 and CVE-2018-8576 which could allow remote code execution via a specially crafted Office file as well as CVE-2018-8582 which could allow remote code execution when importing a specially crafted rwz-file (rules export).

    View: Download information for KB4461529

    Update: When using the 64-bit version of Outlook 2010, install KB4461585 instead as this fixes an issue with the KB4461529 update which may crash Outlook on startup.

    Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7224.5000 (32-bit) or 14.0.7224.5001 (64-bit).


    Outlook for Office 365 Feature Update for October 2018

    News

    Outlook for Office 365 (Monthly Channel) got the following new features or major changes this month;

    • People suggestions in the Scheduling Assistant
      See recommendations for attendees to add when you schedule a meeting. No more switching back and forth between the Scheduling Assistant and the To line.
    • Reserving a room just got easier
      Look for a conference room using more than one room list – and switch lists without losing rooms you’ve selected.
    • Stop seeing reminders for past events
      You can set your calendar to automatically dismiss reminders for events after they’ve ended.

    Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself and updates Outlook to: Version 1810 (Build 11001.20074).


    Exchange 2016 CU11

    News

    Cumulative Update 11 for Exchange 2016 is now available. It contains 21 documented new fixes or improvements, and all previously released fixes and security updates for Exchange 2016 as well as the latest DST updates.

    Notable improvements, changes and fixes are;

    • .NET Framework 4.7.2 is now supported.
    • VC++ 2012 runtime library is now required (in addition to the already required VC++ 2013 runtime library for the Mailbox role).
    • KB4456225: The image in a signature that’s created in Outlook on the web isn’t visible to external users in Exchange Server 2016
    • KB4456243: Hashed lines shown in scheduling assistant when Exchange Server 2016 tries to retrieve free/busy information across untrusted forests
    • KB4456259: Exchange Server 2016 user can’t access a shared calendar from Exchange Server 2013
    • KB4459847: Can’t send S/MIME encrypted mail or update the S/MIME control from Outlook on the web in Exchange Server 2016

    This release includes no new updates to the Active Directory Schema.
    The next planned quarterly update is in March 2019.

    Download: Cumulative Update 11 for Exchange Server 2016 (KB4134118)
    Download: Exchange Server 2016 CU11 UM Language Packs
    View: Description of Cumulative Update 11 for Exchange Server 2016
    View: Blog post of the Exchange Team about CU11 for Exchange Server 2016


    Outlook 2016 / 2019 / 365 Security Update for October 2018

    News

    A Security Update has been released for Outlook 2016 Retail, Outlook 2019 and Office 365. It provides “enhanced security as a defense in depth measure” as described in ADV180026 and is not related to a known security vulnerability.

    Based on your release channel, you’ll be updated to the following version;

    • Office 365, Outlook 2016 Retail, Outlook 2019 Retail
      Version 1809 (Build 10827.20150)
    • Outlook 2019 Volume License
      Version 1808 (Build 10337.20021)
    • Office 365 Semi Annual Channel
      Version 1803 (Build 9126.2295)

    Note: Depending on your installation type, this update can be installed via the Microsoft Store or the Update Now button in Outlook itself. This update does not apply to msi-based installation of Office 2016.


    Outlook 2016 Security Update for October 2018

    News

    A Security Update has been released for Outlook 2016. It provides “enhanced security as a defense in depth measure” as described in ADV180026 and is not related to a known security vulnerability. This update also contains additional fixes for 10 non-security issues.

    Most notable fixes in this update;

    • This update adds support for the Bcc MailTip. Bcc recipients will now receive an informative message when they click Reply All. The message will warn them that replying all as a Bcc recipient will reveal their presence in the mail thread.
    • When you disable the Reply All button by using the DisabledCmdBarItemsList registry key, the Forward button is also accidentally disabled.
    • The message body of an attached email message is not displayed correctly.

    View: Download information for KB4461440

    Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.4756.1001. This update does not apply to Perpetual and Office 365 based installations of Office 2016.


    Outlook 2013 Security Update for October 2018

    News

    A Security Update has been released for Outlook 2013. It provides “enhanced security as a defense in depth measure” as described in ADV180026 and is not related to a known security vulnerability. This update also contains additional fixes for 2 non-security issues.

    • In some cases, the message body of an attached email message is not displayed correctly. For example, after you apply the update KB 4011078, the content in the message body of the attached email message becomes plain text when Outlook 2013 is configured for Exchange online.
    • When the message body of an email message includes a text line that begins with a space and exceeds 988 octets, Outlook fails to upload the message to the IMAP server.

    View: Download information for KB4092477

    Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5075.1001.