Outlook 365 / 2021 / 2019 / 2016 Update for September 2023

News

The September security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 8 security updates for Excel (1), Outlook (1), Word (2), and Office (4). The details about the Outlook vulnerability can be found below;

  • CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
    • The Preview Pane is not an attack vector.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 4 non-security fixes related to Outlook Current Channel Version 2308, 8 fixes related to Outlook Monthly Enterprise Version 2307, 4 fixes related to Outlook Semi-Annual Version 2302, and 1 fix related to Outlook Semi-Annual Version 2208. Most notable fixes are;

  • Version 2308
    • We fixed an issue where an out-of-memory error would appear when sending email after seeing the WaitOnSend dialog pop up.
    • We fixed an issue where the External Sender tag was not showing.
    • We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
    • We fixed an issue that caused Outlook to close unexpectedly in some search scenarios.
  • Version 2307
    • We fixed an issue that caused the incorrect working hours to be displayed on shared-in calendars.
    • We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
    • We fixed an issue that caused users to receive errors about having too many Actionable Messages open more frequently than expected.
    • We fixed an issue where Outlook would prompt the user to save changes to a meeting when no changes were made.
  • Version 2302
    • We fixed an issue that caused users to receive a Non-Delivery Report (NDR) when overriding the oversharing policy notification or reporting it as a false positive.
    • We fixed an issue that caused Outlook to fail to display PolicyTips in Outlook sessions that were launched with no internet connection.
    • We fixed an issue that caused Outlook to close unexpectedly when viewing an email.
  • Version 2302 and Version 2208
    • We fixed an issue that caused some users of Outlook to see a “Retrieving templates from server” dialog for a very long time when clicking on the “From” field in an email message.

Version 2308 has now also been released to the Semi-Annual Enterprise Channel (Preview) and contains 7 highlighted new features and over 37 fixes related to Outlook, which have been made available already to the Current release channel too. The new features are;

  • Get relevant alerts with new Notifications pane
    Don’t let important information get buried in your inbox. The new Notifications pane in Outlook delivers notifications that are relevant to you in the context of your regular email. The pane gives you the ability to customize the types of notifications you wish to receive, including email and document @mentions, travel updates, deliveries, and more.
  • Org Explorer
    Visualize and explore your company’s internal structure, work teams, and individual roles.
  • Assign a sublabel as the default when a parent label is selected
    When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
  • Accessibility Ribbon in Outlook for Windows
    The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
  • We added a registry key that hides the “Try the new Outlook” toggle
    To learn more about the new Outlook for Windows, please click here. For additional information on managing mailbox access to the new Outlook for Windows, please click here.
    • Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
    • Value type: REG_DWORD
    • Value name: HideNewOutlookToggle
    • Possible values;
      • 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users
      • 1 – “Try the new Outlook” toggle is hidden
  • Inheritance of attachment labels to email messages
    For email messages with attachments, apply a label that matches the highest classification of those attachments.
  • Block emails with sensitive labels
    Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
    Version 2308 (Build 16731.20234)
  • Monthly Enterprise
    Version 2307 (Build 16626.20208)
    Version 2306 (Build 16529.20254)
  • Semi-Annual Enterprise (Preview)
    Version 2308 (Build 16731.20234)
  • Semi-Annual Enterprise
    Version 2302 (Build 16130.20766)
    Version 2208 (Build 15601.20772) 
  • Outlook LTSC 2021
    Version 2108 (Build 14332.20565)
  • Outlook 2019 Volume Licensed
    Version 1808 (Build 10402.20023)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Sperry Software
Use "BH93RF24" to get a discount when ordering!

Outlook 2016 (MSI) Security Update for September 2023

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2023-36763: Microsoft Outlook Information Disclosure Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires no user interaction and could allow the disclosure of credentials.
    • The Preview Pane is not an attack vector.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002499

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5413.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.


Outlook for Microsoft 365 Apps Feature Update for August 2023

News

Microsoft has released the July 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This time there are 1 new feature and 4 documented fixes.

  • Updated encryption for Microsoft Purview Information Protection
    Advanced Encryption Standard (AES) with 256-bit key length in Cipher Block Chaining mode (AES256-CBC) is now the default Microsoft Purview Information Protection encryption mechanism for Microsoft 365 Apps documents and emails.
  • We fixed an error that users were hitting when they tried to override a Policy Tip detection or to report it as a false positive.
  • We fixed an issue that caused Outlook to exit unexpectedly when users executed a search with the “All Mailboxes” scope.
  • We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
  • We fixed an issue that caused the incorrect workdays to be displayed on shared-in calendars.

Excel also got a very useful new shortcut worth sharing;

  • Paste values directly into your workbook using a keyboard shortcut
    The keyboard shortcut CTRL+SHIFT+V lets you quickly Paste Values rather than having to choose Paste Values from the menu.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2308 (Build 16731.20170).


Outlook 365 / 2021 / 2019 / 2016 Update for August 2023

News

The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 9 security updates for Excel (2), Outlook (1), Visio (3), and Office (3). The details about the Outlook vulnerability can be found below;

  • CVE-2023-36893: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user with an affected version of Outlook opens a malicious meeting or appointment invite from the attacker.
    • The Preview Pane is not an attack vector.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

In addition, it contains 3 non-security fixes related to Outlook Current Channel Version 2307, and 1 new feature and 2 fixes related to Outlook Monthly Enterprise Version 2306.

  • Version 2307
    • We fixed an issue that caused Outlook to fail to show Top Search Results in some views.
    • We fixed an issue where Microsoft 365 links failed to launch properly.
    • We fixed an issue that caused users to receive errors about having too many Actionable Messages open more frequently than expected.
  • Version 2306
    • Accessibility Ribbon in Outlook for Windows
      The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
    • We fixed an issue that caused users to get prompted to save changes to an unmodified email message.
    • We fixed an issue where the Me control showed the wrong display name in Office apps.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
    Version 2307 (Build 16626.20170)
  • Monthly Enterprise
    Version 2306 (Build 16529.20226)
    Version 2305 (Build 16501.20286)
  • Semi-Annual Enterprise (Preview)
    Version 2302 (Build 16130.20714)
  • Semi-Annual Enterprise
    Version 2302 (Build 16130.20714)
    Version 2208 (Build 15601.20742)
    Version 2202 (Build 14931.21078) 
  • Outlook LTSC 2021
    Version 2108 (Build 14332.20546)
  • Outlook 2019 Volume Licensed
    Version 1808 (Build 10401.20025)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Exchange 2019 and 2016 Security Updates for August 2023

News

Security updates have been released for Exchange 2016 and Exchange 2019. There is no security update for Exchange 2013 as support ended on April 11, 2023.

The updates fix the following vulnerabilities;

  • CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2023-35368: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-35388: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-36744: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-36757: Microsoft Exchange Spoofing Vulnerability
  • CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
  • CVE-2023-38181: Microsoft Exchange Server Spoofing Vulnerability
  • CVE-2023-38182: Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2023-38185: Microsoft Exchange Server Remote Code Execution Vulnerability

None of the vulnerabilities are currently publicly disclosed nor exploited. However, 2 of them are rated as “Exploitation More Likely” so make sure you update as soon as possible!

Additionally, to properly address vulnerability CVE-2023-21709, you must run a script or an additional PowerShell command as discussed in the referenced article.

The updates also contain the following new feature and non-security issues;

View: Exchange Blog: Released: August 2023 Exchange Server Security Updates
View: Exchange Blog: September 2023 release of new Exchange Server CVEs (resolved by August 2023 Security Updates)
View: Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: August 15, 2023 (KB5030524) 

Download: Security Update V2 for Exchange 2019 CU12 and CU13
Download: Security Update V2 for Exchange 2016 CU23.


Outlook 2016 (MSI) Security Update for August 2023

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

  • CVE-2023-36893: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user with an affected version of Outlook opens a malicious meeting or appointment invite from the attacker.
    • The Preview Pane is not an attack vector.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002459

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5408.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.


Outlook 2013 Security Update for August 2023

News

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

  • CVE-2023-36893: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user with an affected version of Outlook opens a malicious meeting or appointment invite from the attacker.
    • The Preview Pane is not an attack vector.
    • The Exploitability Assessment is rated: Exploitation Less Likely.

View: Download information for KB5002449

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5579.1000.


Outlook for Microsoft 365 Apps Feature Update for July 2023

News

Microsoft has released the July 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

It’s a bit of an uneventful release as there are only 2 documented fixes this time and no new features.

  • We fixed an issue where opening links in Edge would cause the side pane to not be visible.
  • We fixed an issue where Outlook would prompt the user to save changes to a meeting when no changes were made.

Excel did get an interesting new feature though;

  • Performance improvement related to fonts
    If you do not use printer fonts or have not heard of printer fonts, unchecking the setting in File-> Options-> Advanced-> “Include fonts that are stored on the printer” can help speed up font related operations such as choosing a font from font drop down, or formatting a cell by bolding/italicizing a cell’s font, etc.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2307 (Build 16626.20132).


Outlook 365 / 2021 / 2019 / 2016 Update for July 2023

News

The July security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 10 security updates for Excel (3), Outlook (2), and Office (5). The details about the Outlook vulnerabilities can be found below;

  • CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Less Likely.
  • CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
    • This vulnerability is currently not publicly disclosed but it is being exploited already.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Detected.

In addition, it contains 1 new feature and 3 non-security fixes related to Outlook Monthly Enterprise Version 2305.

  • Block emails with sensitive labels
    Implement pop-up messages in Outlook that warn, justify, or block emails being sent based on sensitivity labels.
  • We fixed an issue where the application would close unexpectedly when searching using dates.
  • We fixed an issue that caused users to see the error, “We cannot render Actionable Messages right now” when reading some email messages.
  • We fixed an issue where doing a mail merge would display the error, “Microsoft Word is required to run the Mail Merge Wizard”.

Version 2302 has now also been released to the Semi-Annual Enterprise Channel and contains 1 highlighted new features and 25 fixes which have been made available already to the other release channels. The new feature and some notable fixes are;

  • Improved Calendar Search
    Improvements have been made to Calendar search, largest of which is the ability to more easily find the next occurrence of a series in search results.
  • We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
  • We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
  • We fixed an issue where some settings did not roam between machines when switching to Focused Inbox.
  • We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.

Based on your release channel, you’ll be updated to the following version;

  • Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
    Version 2306 (Build 16529.20182)
  • Monthly Enterprise
    Version 2305 (Build 16501.20242)
    Version 2304 (Build 16327.20348)
  • Semi-Annual Enterprise (Preview)
    Version 2302 (Build 16130.20644)
  • Semi-Annual Enterprise
    Version 2302 (Build 16130.20644)
    Version 2208 (Build 15601.20706)
    Version 2202 (Build 14931.21040) 
  • Outlook LTSC 2021
    Version 2108 (Build 14332.20529)
  • Outlook 2019 Volume Licensed
    Version 1808 (Build 10400.20007)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.


Outlook 2016 (MSI) Security Update for July 2023

News

A Security Update has been released for Outlook 2016. It resolves the following vulnerabilities;

  • CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
    • This vulnerability is currently not publicly disclosed nor exploited.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Less Likely.
  • CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
    • This vulnerability is currently not publicly disclosed but it is being exploited already.
    • Exploitation of the vulnerability requires that a user to click on a specially crafted URL to be compromised by the attacker.
    • The Exploitability Assessment is rated: Exploitation Detected.

View: Download information for KB5002427

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5404.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.