Software

You had one job, Outlook! Security bug fix stops mail app from forwarding attachments

That's one way to stay secure

By Shaun Nichols in San Francisco

23 SHARE

Outlook will strip attachments from some forwarded emails once you've applied a security update from this month's Patch Tuesday, Microsoft has admitted.

Once the buggy patch, released January 9, is installed, Outlook 2016 will drop attachments from forwarded plain-text messages. This affects the Microsoft Installer (MSI) version of Outlook, but not the click-to-run versions (like those in Office and Office 365). The patch is supposed to prevent dodgy Office documents from executing malicious code when opened.

Microsoft said users can check whether their version of Outlook is the affected MSI app by looking in the "Update Options" screen. Click-to-run builds have an "Office Updates" option while MSI versions do not.

Alternatively, you could just check by trying to forward a plain-text email with an attachment.

Shortly after the security patch was released, IT admins began reporting that file attachments were getting cut out of messages when forwarded to others. Users also noted that the attachments were dropped in both the sent email and the copy saved to the sent folder.

Microsoft this week released a fix to address this attachment-gobbling bug, but says the update won't be rolled out to all users until next month's Patch Tuesday release on February 13. Users and admins who don't want to wait until the middle of next month can manually install KB4011123.

Even if it does have a tendency to mess up Outlook, the January security update is considered an important one for Office. Among the 56 vulnerabilities addressed in the Microsoft update was a remote code execution flaw in Office that was already being actively targeted in the wild. ®

Sign up to our NewsletterGet IT in your inbox daily

23 Comments

More from The Register

Tesla tips ice on Apple, Google, Microsoft accounts of '$1m leaker'

US court grants freezing order on Marty Tripp's email and cloud hideyholes

Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors

Oracle Linux and VM get their innoculations

Oracle crushes Apiary's hope in slightly awkward email to customers

We own you, we review the products, we say what stays

Data shepherd Rubrik herds Microsoft, Oracle users towards its Alta

Now talks to Nutanix AHV, Microsoft Hyper-V and Oracle RMAN

CIOs planning to snub Oracle for other cloudy vendors – analyst

Drop for Big Red shares as biz prepares to announce Q4 financial results

Microsoft: Yes, we agree that Irish email dispute is moot... now what's this new warrant about?

Redmond backs down without actually backing down

Oracle demands dev tear down iOS app that has 'JavaScript' in its name

Ordinary folk may be confused by title, takedown demand suggests

Oracle cuts ribbon on distributed ledger service

Big Red brags bank backing for blockchain biz

Umm, Oracle – about that patch? It might not be very sticky ...

Security researcher says WebLogic fix can be bypassed, posts proof-of-concept

Snap, crackle ... patch! Apple kicks out iOS 11.0.2 to tackle crappy calls, fix email glitches

Mystery of disappearing photos solved, too