• Outlook User
  • Exchange Admin
  • Office 365
  • Outlook Developer
  • Outlook.com
  • Outlook Mac
  • Outlook & iCloud
    • Common Problems
    • Outlook BCM
    • Utilities & Addins

Volume 28 Issue 7

Slipstick Systems

Issue Date: March 16, 2023 « Previous Issue | Next Issue »

The following articles were included in our Exchange Messaging Outlook (EMO) newsletter published on March 16, 2023.

EMO is a weekly publication. To receive your own copy of EMO by email, subscribe here.

Support Exchange Messaging Outlook Sponsors

Increase Your Productivity!

ReliefJet Essentials for Outlook is a set of more than 160 tools for performing a wide range of tasks in Outlook: processing email messages, contacts, appointments, meetings, tasks and other Outlook items.

ReliefJet Essentials for Outlook

Today's Highlights »

  • Zero-Day Exploit in Outlook
  • Links in Outlook open in Edge

Zero-Day Exploit in Outlook

Microsoft announced a zero-day vulnerability in Outlook earlier this week and all supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.

The exploit is triggered by a specially-crafted messages and uses SMB/TCP port 445 to get NTLM authentication and gain access to other network services. No user interaction is required.

Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages.

Organizations with on-premise mailboxes or services are at risk.

Recommended fixes to reduce vulnerability:

  1. Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM.
  2. Block TCP 445/SMB outbound at the perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.

Microsoft's articles on the exploit are here:
CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability | MSRC Blog | Microsoft Security Response Center

Links in Outlook open in Edge

Microsoft is implementing a change Outlook and Edge where links in Outlook will open by default in Edge, not in your default browser (assuming it is not Edge. If you want the links to open in your default browser, you need to change a setting in Outlook's File > Options > Advanced > Link handling.

It will roll out to consumers with Personal or Family subscriptions first, beginning with the Office Insiders (beta) before rolling out to all consumers in the coming weeks. Eventually, it will turn up in business accounts.

Time will tell if this is flop or welcome change, but my money is on flop, especially since it changes the behavior users expect.

Microsoft has these two articles on this new features.
Stay in your flow with Microsoft 365 on Microsoft Edge
Multitask smarter with Microsoft 365 and Edge | Microsoft 365 Blog

New & Updated Microsoft 365 & Exchange Server Support Articles

EWS web application pool stops after the February 2023 Security Update is installed

An exception is returned while opening a template in the Exchange Toolbox

EWS does not respond and returns an exception

Get-App and GetAppManifests fail and return an exception

EEMS stops responding after TLS endpoint certificate update

You can’t access Toolbox on Exchange after enabling EnableSerializationDataSigning

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)

"Cannot Send Mail - Your mailbox is full" error when you use iPhone mail to send very large attachments (KB5004622)

New & Updated Outlook Support Articles

Description of the security update for Outlook 2016: March 14, 2023 (KB5002254)

Description of the security update for Outlook 2013: March 14, 2023 (KB5002265)

March 2023 updates for Microsoft Office

Outlook unexpectedly opens a browser window if OWA is disabled

Problems syncing shared calendars when enabling "Can view title and location" permissions

Your Microsoft account, your data, your choices

You cannot change a user's categories when you work as a delegate in Outlook
Describes an issue in which you cannot make changes to categories as a delegate in another user's Inbox or Outlook folder in Outlook. Provides a resolution.

Other Resources

Change Appointment Reminder Sounds
Did you ever wonder if you could assign different reminders to different types of Microsoft Outlook appointments? Yes, you can! You can also change the reminder sound for tasks and flags.

Volume 28 Issue 7 was last modified: March 18th, 2023 by Slipstick

Visit Slipstick Forums.
What's New at Slipstick.com

Latest EMO: Vol. 28 Issue 7

Support Services

Do you need help setting up Outlook, moving your email to a new computer, migrating or configuring Office 365, or just need some one-on-one assistance?

Our Sponsors

CompanionLink
ReliefJet
  • Popular
  • Latest
  • WeekMonthAll
  • Outlook's Left Navigation Bar
  • Adjusting Outlook's Zoom Setting in Email
  • How to Remove the Primary Account from Outlook
  • Save Sent Items in Shared Mailbox Sent Items folder
  • Use PowerShell to get a list of Distribution Group members
  • Create rules that apply to an entire domain
  • Move an Outlook Personal Folders .pst File
  • Remove a password from an Outlook *.pst File
  • Meeting Requests and Appointments are Off by One Hour
  • How to Hide or Delete Outlook's Default Folders
  • Change Appointment Reminder Sounds
  • Messages appear duplicated in message list
  • Reset the New Outlook Profile
  • Delete Old Calendar Events using VBA
  • Use PowerShell or VBA to get Outlook folder creation date
  • Outlook's Left Navigation Bar
  • Contact's Display Bug
  • Use PowerShell to get a list of Distribution Group members
  • Edit Outlook’s Attach File list
  • Outlook Error: Google Couldn't sign you in
Ajax spinner

Newest Code Samples

Delete Old Calendar Events using VBA

Use PowerShell or VBA to get Outlook folder creation date

Rename Outlook Attachments

Format Images in Outlook Email

Set Outlook Online or Offline using VBScript or PowerShell

List snoozed reminders and snooze-times

Search your Contacts using PowerShell

Filter mail when you are not the only recipient

Add Contact Information to a Task

Process Mail that was Auto Forwarded by a Rule

Recent Bugs List

Microsoft keeps a running list of issues affecting recently released updates at Fixes or workarounds for recent issues in Outlook for Windows.

Outlook for Mac Recent issues: Fixes or workarounds for recent issues in Outlook for Mac

Office Update History

Update history for supported Office versions is at Update history for Office

Outlook Suggestions and Feedback

Outlook Feedback covers Outlook as an email client, including Outlook Android, iOS, Mac, and Windows clients, as well as the browser extension (PWA) and Outlook on the web.

Use Outlook.com Feedback for suggestions or feedback about Outlook.com accounts.

Other Microsoft 365 applications and services




Windows 10 Issues

  • iCloud, Outlook 2016, and Windows 10
  • Outlook Links Won’t Open In Windows 10
  • Outlook can’t send mail in Windows 10: error Ox800CCC13
  • Missing Outlook data files after upgrading Windows?

Outlook Top Issues

  • The Windows Store Outlook App
  • The Signature or Stationery and Fonts button doesn’t work
  • Outlook’s New Account Setup Wizard
  • Outlook 2016: No BCM
  • Exchange Account Set-up Missing in Outlook 2016

Repair PST

Convert an OST to PST

Repair damaged PST file

Repair large PST File

Remove password from PST

Merge Two Data Files

Sync & Share Outlook Data

  • Share Calendar & Contacts
  • Synchronize two computers
  • Sync Calendar and Contacts Using Outlook.com
  • Sync Outlook & Android Devices
  • Sync Google Calendar with Outlook
  • Access Folders in Other Users Mailboxes

Contact Tools

Data Entry and Updating

Duplicate Checkers

Phone Number Updates

Contact Management Tools

Diane Poremsky [Outlook MVP]

Make a donation

Calendar Tools

Schedule Management

Calendar Printing Tools

Calendar Reminder Tools

Calendar Dates & Data

Time and Billing Tools

Meeting Productivity Tools

Duplicate Remover Tools

Mail Tools

Sending and Retrieval Tools

Mass Mail Tools

Compose Tools

Duplicate Remover Tools

Mail Tools for Outlook

Online Services

Productivity

Productivity Tools

Automatic Message Processing Tools

Special Function Automatic Processing Tools

Housekeeping and Message Management

Task Tools

Project and Business Management Tools

Choosing the Folder to Save a Sent Message In

Run Rules on messages after reading

Help & Suggestions

Outlook Suggestion Box (UserVoice)

Slipstick Support Services

Home | Outlook User | Exchange Administrator | Office 365 | Outlook.com | Outlook Developer
Outlook for Mac | Common Problems | Utilities & Addins | Tutorials
Outlook & iCloud Issues | Outlook Apps
EMO Archives | About Slipstick | Advertise | Slipstick Forums
Submit New or Updated Outlook and Exchange Server Utilities

Send comments using our Feedback page
Copyright © 2023 Slipstick Systems. All rights reserved.
Slipstick Systems is not affiliated with Microsoft Corporation.