Software

You had one job, Outlook! Security bug fix stops mail app from forwarding attachments

That's one way to stay secure

By Shaun Nichols in San Francisco

23 SHARE

Outlook will strip attachments from some forwarded emails once you've applied a security update from this month's Patch Tuesday, Microsoft has admitted.

Once the buggy patch, released January 9, is installed, Outlook 2016 will drop attachments from forwarded plain-text messages. This affects the Microsoft Installer (MSI) version of Outlook, but not the click-to-run versions (like those in Office and Office 365). The patch is supposed to prevent dodgy Office documents from executing malicious code when opened.

Microsoft said users can check whether their version of Outlook is the affected MSI app by looking in the "Update Options" screen. Click-to-run builds have an "Office Updates" option while MSI versions do not.

Alternatively, you could just check by trying to forward a plain-text email with an attachment.

Shortly after the security patch was released, IT admins began reporting that file attachments were getting cut out of messages when forwarded to others. Users also noted that the attachments were dropped in both the sent email and the copy saved to the sent folder.

Microsoft this week released a fix to address this attachment-gobbling bug, but says the update won't be rolled out to all users until next month's Patch Tuesday release on February 13. Users and admins who don't want to wait until the middle of next month can manually install KB4011123.

Even if it does have a tendency to mess up Outlook, the January security update is considered an important one for Office. Among the 56 vulnerabilities addressed in the Microsoft update was a remote code execution flaw in Office that was already being actively targeted in the wild. ®

Sign up to our NewsletterGet IT in your inbox daily

23 Comments

More from The Register

Prez Trump to host chinwag with Google, Microsoft, Oracle and Qualcomm – report

And Sundar Pichai heads to grilling on Chocolate Factory's data slurping

Microsoft Surface kicks dust in face of Apple iPad Pro in Q3

Hold on Redmond, don't light those fireworks yet, the dominance will be shortlived

Tesla tips ice on Apple, Google, Microsoft accounts of '$1m leaker'

US court grants freezing order on Marty Tripp's email and cloud hideyholes

Is someone chopping onions? Oracle cloud boss bids colleagues emotional farewell

Thomas Kurian to take 'extended leave' from Big Red

Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors

Oracle Linux and VM get their innoculations

What now, Larry? AWS boss insists Amazon will have dumped Oracle database by end of 2019

re:Invent Clock's ticking on Ellison's smack talk

Oracle: Run, don't walk, to patch this critical Database takeover bug

Flaw in House Larry's flagship product allows 'complete compromise' of servers

Oracle Database 18: Now in downloadable Linux flavour

Oh, and Windows, but cool kids don't use that

Oracle crushes Apiary's hope in slightly awkward email to customers

We own you, we review the products, we say what stays

Welcome! Mimecast finds interesting door policies on email filters

Microsoft and Proofpoint servers ushered in 15,656 malware attachments