HowTo-Outlook

A Security Update has been released for Outlook 2016. It provides “enhanced security as a defense in depth measure” as described in ADV180021 and is not related to a know security vulnerability. This update also contains additional fixes for 6 non-security issues.

Most notable fixes in this update;

• With this update installed, Microsoft Outlook 2016 restricts users from adding cloud files as attachments to digitally signed, rights-protected, or encrypted email messages.
• Assume that you sign in to Outlook 2016 by using an account that doesn’t use the modern authentication in Windows 10. The Security Support Provider Interface (SSPI) authentication prompt will sometimes appear behind other windows, and it is inaccessible by keyboard. See KB 4032226 for more information.
• Dynamics CRM functionality is blocked unless you enable all roaming folder homepages by using the EnableRoamingFolderHomepages registry key.

Office 365 subscribers in the Monthly Channel also got the following new features;

• Outlook add-in warnings
  Occasionally an Outlook COM add-in can encounter problems that slows down the rest of Outlook. These problems could be due to latency of events such as switching between Outlook folders, arrival of new emails, opening Calendar items, etc. When such issues arise, Outlook will display a warning in the notification bar.
• Join Teams meetings from the Outlook Reminders dialog
  When Outlook reminds users of an upcoming meeting, it will show a Join Online button if the upcoming meeting is a Teams online meeting. This is similar to the experience of joining a Skype for Business meeting from the Outlook Reminders dialog.

View: Download information for KB4022160

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4732.1000 (msi-based installation) or version 1807 build 10325.20118 (Office 365 based installation) or version 1803 build 9126.2275 (Office 365 Semi-Annual release).

A Security Update has been released for Outlook 2013. It provides “enhanced security as a defense in depth measure” as described in ADV180021 and is not related to a know security vulnerability. This update also contains additional fixes for 6 non-security issues.

Most notable fixes in this update;

• After you use the “Rooms” button or the Room Finder add-in to change the conference room for a meeting, the “Location” of the meeting is not automatically updated to match the newly selected room.
• Assume that you sign in to Outlook 2013 by using an account that doesn’t use modern authentication in Windows 10. The Security Support Provider Interface (SSPI) authentication prompt will sometimes appear behind other windows and be inaccessible from the keyboard. For more information, see KB4032226.
• Dynamics CRM functionality is blocked unless you enable all roaming folder homepages by using the EnableRoamingFolderHomepages registry key.

View: Download information for KB4032240

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 15.0.5059.1000.

A Security Update has been released for Outlook 2010. It provides “enhanced security as a defense in depth measure” as described in ADV180021 and is not related to a know security vulnerability.

Additionally, it fixes a non-security issue where Dynamics CRM functionality is blocked unless you enable all roaming folder homepages by using the EnableRoamingFolderHomepages registry key.

View: Download information for KB4032222

Note: This update can be installed via Microsoft Update and updates Outlook to version 14.0.7212.5000.

Security updates have been released for Exchange 2013 and Exchange 2016. They contain updates for the following 2 security issues;

• CVE-2018-8302: Microsoft Exchange Memory Corruption Vulnerability
• CVE-2018-8374: Microsoft Exchange Server Tampering Vulnerability

View: Description of update KB4340731
Download: Security Update For Exchange Server 2016 CU10 (KB4340731)
Download: Security Update For Exchange Server 2016 CU9 (KB4340731)
Download: Security Update For Exchange Server 2013 CU21 (KB4340731)
Download: Security Update For Exchange Server 2013 CU20 (KB4340731)

Update Rollup 23 for Exchange 2010 Service Pack 3 is now available. It contains 1 documented new security updates and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

• CVE-2018-8302: Microsoft Exchange Memory Corruption Vulnerability
  Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

View: Description of Update Rollup 23 for Exchange Server 2010
Download: Update Rollup 23 For Exchange 2010 SP3 (KB4340733)

A Rollup Update has been released for Outlook 2016. This is a non-security update which contains 5 documented improvements and fixes.

Most notable fixes in this update;

• After you use the “Rooms” button or the Room Finder add-in to change the conference room for a meeting, the Location of the meeting is not automatically updated to match the newly selected room. Also requires update KB3191864.
• This update adds a Group Policy that lets administrators hide the “Do Not Send a Response” option when attendees respond to a meeting via the ForceMtgResponse Registry value.
• This update enables the Outlook Add-in Store for General Data Protection Regulation (GDPR) scenarios.

Office 365 subscribers also got the following new features and changes;

• Recurrence default
  In the Appointment Recurrence dialog box (under “Range of recurrence”), “End by” is the default setting (instead of “No end date”) and is the first setting listed, and a default end date is set.
• Accessibility Checker improvements
  The Accessibility Checker has updated support for international standards and recommendations to make your messages more accessible.

View: Download information for KB4022230

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 16.0.4717.1000 (msi-based installation) or version 1806 build 10228.20080 (Office 365 based installation).

A Rollup Update has been released for Outlook 2013. This is a non-security update which contains 2 documented improvements and fixes.

• This update provides the translation update for some strings to improve the accuracy.
• When you close an email message from the taskbar, Outlook 2013 may crash.

View: Download information for KB4022242

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 365 and updates Outlook to version 15.0.5049.1000.

Cumulative Update 10 for Exchange 2016 is now available. It contains 13 documented new fixes or improvements, and all previously released fixes and security updates for Exchange 2016 as well as the latest DST updates.

Notable improvements, changes and fixes are;

• .NET Framework 4.7.1 is now required.
• VC++ 2013 runtime library is now required.
• KB4294209: Cannot clear the “Maximum message size” check box for Send messages or Receive messages in EAC in Exchange Server 2016.
• KB4294212: Cannot send VBScript-created messages in the Outlook 2016 client
• KB4294210: Cannot edit an email attachment in OWA in an Exchange Server 2016 environment.

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 10 for Exchange Server 2016 (KB4099852)
Download: Exchange Server 2016 CU10 UM Language Packs
View: Description of Cumulative Update 10 for Exchange Server 2016
View: Blog post of the Exchange Team about CU10 for Exchange Server 2016

Cumulative Update 21 for Exchange 2013 is now available. It contains 10 documented new fixes or improvements, and all previously released fixes and security updates for Exchange 2013 as well as the latest DST updates. Note that mainstream support for Exchange 2013 has ended in April 2018.

Notable improvements, changes and fixes are;

• .NET Framework 4.7.1 is now required.
• VC++ 2013 runtime library is now required.
• KB4133604: User can’t log on to a POP/IMAP account by using NTLM authentication in Exchange Server 2013
• KB4058473: An Office 365 primary mailbox user cannot be assigned full access permissions for an on-premises mailbox in Exchange Server
• KB4294205: POP3 services intermittently stop in an Exchange Server 2013 environment

This release includes no new updates to the Active Directory Schema.

Download: Cumulative Update 21 for Exchange Server 2013 (KB4099855)
Download: Exchange Server 2013 CU21 UM Language Packs
View: Description of Cumulative Update 21 for Exchange Server 2013
View: Blog post of the Exchange Team about CU21 for Exchange Server 2013

Update Rollup 22 for Exchange 2010 Service Pack 3 is now available. It contains 2 changes and 1 documented new fix and all previously released fixes and security updates for Exchange 2010 SP3. Note that mainstream support for Exchange 2010 has already ended.

• VC++ 2013 runtime library is now required.
• Added support for Windows Server 2016 domain controllers.
• KB4295751: EWS impersonation not working when accessing resource mailboxes in a different site in Exchange Server 2010 SP3

View: Description of Update Rollup 22 for Exchange Server 2010
Download: Update Rollup 22 For Exchange 2010 SP3 (KB4295699)
View: Blog post of the Exchange Team about Rollup 22 for Exchange Server 2010