You had one job, Outlook! Security bug fix stops mail app from forwarding attachments

That's one way to stay secure

By Shaun Nichols in San Francisco

Posted in Software, 26th January 2018 06:07 GMT

Outlook will strip attachments from some forwarded emails once you've applied a security update from this month's Patch Tuesday, Microsoft has admitted.

Once the buggy patch, released January 9, is installed, Outlook 2016 will drop attachments from forwarded plain-text messages. This affects the Microsoft Installer (MSI) version of Outlook, but not the click-to-run versions (like those in Office and Office 365). The patch is supposed to prevent dodgy Office documents from executing malicious code when opened.

Microsoft said users can check whether their version of Outlook is the affected MSI app by looking in the "Update Options" screen. Click-to-run builds have an "Office Updates" option while MSI versions do not.

Alternatively, you could just check by trying to forward a plain-text email with an attachment.

Shortly after the security patch was released, IT admins began reporting that file attachments were getting cut out of messages when forwarded to others. Users also noted that the attachments were dropped in both the sent email and the copy saved to the sent folder.

Microsoft this week released a fix to address this attachment-gobbling bug, but says the update won't be rolled out to all users until next month's Patch Tuesday release on February 13. Users and admins who don't want to wait until the middle of next month can manually install KB4011123.

Even if it does have a tendency to mess up Outlook, the January security update is considered an important one for Office. Among the 56 vulnerabilities addressed in the Microsoft update was a remote code execution flaw in Office that was already being actively targeted in the wild. ®

Sign up to our NewsletterGet IT in your inbox daily

23 Comments

More from The Register

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

Sun ZFS Storage Appliance users: brace for super-critical fix

Azure VMs borked following Meltdown patch, er, meltdown

No ETA yet for West Europe machines

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns

This is going to take a while

Meltdown-and-Spectre-detector comes to Windows Analytics

After flubbing its early responses, Microsoft's thrown sysadmins a bone

SHL just got real-mode: US lawmakers demand answers on Meltdown, Spectre handling from Intel, Microsoft and pals

Pact of silence questioned

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

Check your anti-malware tool unless you like BSoDs

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Customers say PCs and servers reboot a lot after fixes. Meanwhile, AMD admits to Spectre problems

Cisco to release patches for Meltdown, Spectre CPU vulns, just in case

Switchzilla is investigating a whole bunch of products

Now Meltdown patches are making industrial control systems lurch

Automation and SCADA-flingers admit fix has affected products

Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds

CPU utilization up, throughput down, but a second fix may have restored normal service