Software

You had one job, Outlook! Security bug fix stops mail app from forwarding attachments

That's one way to stay secure

By Shaun Nichols in San Francisco

23 SHARE

Outlook will strip attachments from some forwarded emails once you've applied a security update from this month's Patch Tuesday, Microsoft has admitted.

Once the buggy patch, released January 9, is installed, Outlook 2016 will drop attachments from forwarded plain-text messages. This affects the Microsoft Installer (MSI) version of Outlook, but not the click-to-run versions (like those in Office and Office 365). The patch is supposed to prevent dodgy Office documents from executing malicious code when opened.

Microsoft said users can check whether their version of Outlook is the affected MSI app by looking in the "Update Options" screen. Click-to-run builds have an "Office Updates" option while MSI versions do not.

Alternatively, you could just check by trying to forward a plain-text email with an attachment.

Shortly after the security patch was released, IT admins began reporting that file attachments were getting cut out of messages when forwarded to others. Users also noted that the attachments were dropped in both the sent email and the copy saved to the sent folder.

Microsoft this week released a fix to address this attachment-gobbling bug, but says the update won't be rolled out to all users until next month's Patch Tuesday release on February 13. Users and admins who don't want to wait until the middle of next month can manually install KB4011123.

Even if it does have a tendency to mess up Outlook, the January security update is considered an important one for Office. Among the 56 vulnerabilities addressed in the Microsoft update was a remote code execution flaw in Office that was already being actively targeted in the wild. ®

Sign up to our NewsletterGet IT in your inbox daily

23 Comments

More from The Register

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

Sun ZFS Storage Appliance users: brace for super-critical fix

Azure VMs borked following Meltdown patch, er, meltdown

No ETA yet for West Europe machines

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns

This is going to take a while

Microsoft patches patch for Meltdown bug patch: Windows 7, Server 2008 rushed an emergency fix

If at first you don't succeed, you're Redmond

Intel gives Broadwells and Haswells their Meltdown medicine

Chipzilla and Oracle are working their way back through time to deliver fixes

Win 7, Server 2008 'Total Meltdown' exploit lands, pops admin shells

Plus: Xen admins – you need to get patching your patches, too

Microsoft's Windows 7 Meltdown fixes from January, February made PCs MORE INSECURE

You'll want to install the March update. Like right now – if you can avoid broken networking

Meltdown-and-Spectre-detector comes to Windows Analytics

After flubbing its early responses, Microsoft's thrown sysadmins a bone

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

Check your anti-malware tool unless you like BSoDs

Creaking Chromebooks getting Meltdown protection soon

Chrome OS 66 to protect older Intel units, still working on ARM