Manage Your Junk Mail in Microsoft Outlook

Patch Tuesday: No Post-Patch Release Issues Being Tracked at This Time

This month’s patch watch includes one area to keep a vigilant eye upon. There are issues with Outlook KB4011086 being tracked at this time. See the Office patch section below.

Adobe Flash at a Priority 3

Adobe released updates to Flash, RoboHelp, and Adobe Connect and categorized the updates as “Priority 3.” Given our recent Hurricanes in the news, I honestly had to look up what “Priority 3” meant in terms of Adobe patches. In weather-speak, a 3 storm still packs a heavy punch. In Adobe-speak the updates “resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.” For those on Windows 10 and 8.1, as usual you will receive the flash update in the form of KB4038806.

Recently I’ve been having to install the Firefox Flash update on my Windows 10 machines in order to watch some Flash-based videos. Even though I had Flash enabled on my Chrome and Edge browser, the video would not play. So all Flash versions are not created equal and you may need to download a few more to get things to work as they should on Windows 10.

What to Do: Check your Flash versions, then review your browsers to ensure they are up to date.

Windows 10 Releases

This month Windows 10 receives several updates. Tuesday’s security updates include the following:

• KB4038788 for Windows 10 1703
• KB4038782 for Windows 10 1607
• KB4038783 for Windows 10 1511
• KB4038781 for Windows 10 RTM

The 1703 release includes quite a few fixes. It did the following:

• Addressed issue where the color profiles do not revert to the user-specified settings after playing a full-screen game.
• Updated HDR feature to be turned off by default in the OS.
• Addressed issue where you can’t open the Start menu when you add a third-party IME.
• Addressed issue with scanners that rely on inbox driver support.
• Addressed issue in a Mobile Device Manager Enterprise feature to allow headsets to work correctly.
• Addressed issue where some machines fail to load wireless WAN devices when they resume from Sleep.
• Addressed issue where Windows Error Reporting doesn’t clean up temporary files when there is a redirection on a folder.
• Addressed issue where revoking a certificate associated with a disabled user account in the CA management console fails. The error is “The user name or password is incorrect. 0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE)”.
• Addressed issue where LSASS is leaking large amounts of memory.
• Addressed issue where enabling encryption using syskey.exe renders the system unbootable.
• Updated the BitLocker.psm1 PowerShell script to not log passwords when logging is enabled.
• Addressed issue where saving a credential with an empty password to Credential Manager causes the system to crash when attempting to use that credential.
• Updates to Internet Explorer 11’s navigation bar with search box.
• Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
• Addressed issue with the EMIE where Microsoft Edge and Internet Explorer repeatedly switched between each other.
• Addressed issue where a device may stop responding for several minutes and then stop working with error 0x9F (SYSTEM_POWER_STATE_FAILURE) when a USB network adapter is attached.
• Addressed issue where some apps cannot be opened because the IPHlpSvc service stops responding during the Windows boot procedure.
• Addressed issue where spoolsv.exe stops working.
• Addressed issue where the Get-AuthenticodeSignature cmdlet does not list TimeStamperCertificate even though the file is time stamped.
• Addressed issue where, after upgrading to Windows 10, users may experience long delays when running applications hosted on Windows Server 2008 SP2.
• Addressed RemoteApp display issues that occur when you minimize and restore a RemoteApp to full-screen mode.
• Addressed issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working.
• Addressed issue that causes the Export-StartLayout cmdlet to fail when exporting the layout of tiles at startup.
• Addressed issue where the option to join Azure AAD is sometimes unavailable during the out-of-box experience.
• Addressed issue where clicking the buttons on Windows Action Center notifications results in no action being taken.
• Re-release of MS16-087- Security update for Windows print spooler components.

These updates are fixing security issues in the following: Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Edge, Device Guard, Windows TPM, Internet Explorer, Microsoft Scripting Engine, Windows Hyper-V, Windows kernel, and Windows Virtualization

The 1703 release still includes a side effect whereby it may change Czech and Arabic languages to English for Microsoft Edge and other applications.

For those still running the 1511 version you will also see KB4039556 a compatibility update for 1607. At this time I am not tracking any major side effects.

What to do: Install these updates at this time.

Windows 7 Updates

The Windows 7 updates released this month were all rolled into KB4038777, and they include security updates for Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Windows Hyper-V, Windows kernel, Windows Virtualization, and Internet Explorer. Non security updates released with this update did the following:

• Addressed issue where applications that have LDAP referral chasing options enabled use a TCP dynamic port connection that doesn’t close until the applications close or the calling OS restarts. With sufficient time and volume, these applications may completely consume all TCP dynamic ports. If that occurs, network communications will fail for any protocol or operation that uses dynamic ports. This issue was introduced by the July and August 2017 cumulative updates, starting with KB4025337 and KB4025341.
• Updates to Internet Explorer 11’s navigation bar with search box.
• Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
• Addressed issue in Internet Explorer where graphics render incorrectly.
• Addressed issue in Internet Explorer where the Delete key functioned improperly.
• Re-release of MS16-087- Security update for Windows print spooler components.

The major change in this release is adding a new search box in the menu bar of IE 11.

What to do: Install these updates at this time.

Windows 8.1 Updates

Windows 8.1 received the same change to IE’s search box as Windows 7. It also included security updates for Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Windows PDF Library, Windows TPM, Windows Hyper-V, Windows kernel, Windows DHCP Server, and Internet Explorer. in the form of KB4038792.

In addition the following non security fixes were included:

• Updates to Internet Explorer 11’s navigation bar with search box.
• Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
• Addressed issue in Internet Explorer where graphics render incorrectly.
• Addressed issue in Internet Explorer where the Delete key functioned improperly.
• Re-release of MS16-087- Security update for Windows print spooler components.

Like the Windows 7 update, this includes a new search box in the menu bar in IE 11.

What to do: Install these updates at this time.

.NET Releases

.NET is receiving updates this month in the form of several updates. For Windows 10, the .NET security releases are included in the Windows 10 releases listed above.

Windows 8.1 should be offered one of these updates:

• KB4041085 > for 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7
• KB4040981 for NET Framework 3.5
• KB4040974 for NET Framework 4.5.2
• KB4040972 for .NET Framework 4.6, 4.6.1, 4.6.2 and 4.7

Windows 7 should receive one of the following updates:

• KB4041083 for NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7
• KB4040980 for NET Framework 3.5.1
• KB4040977 for NET Framework 4.5.2
• KB4040973 for NET Framework 4.6, 4.6.1, 4.6.2, and 4.7

Office Update Releases

Currently I am tracking an issue with KB4011086: if a machine is set to any language other than English, this patch changes the language to Swedish (as noted in this forum). I am unsure if this impacts KB4011055, KB4011103, KB4011126, KB4011038, KB4011089, KB4011090 and KB4011091 as well. If you are on Click-to-Run versions of Office and see this issue follow this guidance to roll back to a prior version.

For those of you on Office Click-to-Run versions, you should expect to be upgraded to the latest version in the background. If however, you have the old fashioned MSI – or patch based Office deployments expect to see the following updates:

Office 2016

• KB4011165 Excel fixes for black borders
• KB4011050 Fixing remote code execution.
• KB3213551 Fixing remote code execution.
• KB3203474 Fixing remote code execution
• KB4011038 Fixing defense-in-depth updates to help improve security-related features.
• KB4011126Fixing defense-in-depth updates to help improve security-related features.
• KB4011091Fixing defense-in-depth updates to help improve security-related features.
• KB4011041Remote code execution fixes for PowerPoint 2016.
• KB4011040Security fixes for Skype for Business.

Office 2013

• KB4011108 Security fixes for Excel 2013
• KB3213564 Security fixes for Office 2013
• KB4011103 Security fixes for Office 2013
• KB4011069 Security fixes for PowerPoint 2013
• KB4011107 Security fixes for Skype for Business.
• KB3213568 Security fixes for Skype for Business.

Office 2010

• KB4011061 Security fixes for Excel 2010
• KB4025865 Security fixes for Lync 2010
• KB4025866 Security fixes for Lync 2010
• KB4025867 Security fixes for Lync attendee
• KB3213638Security fixes for Office 2010
• KB3213631 Security fixes for Office 2010
• KB3213626 Security fixes for Office 2010
• KB4011055 Security fixes for Office 2010
• KB4011089 Security fixes for Office 2010
• KB3128027 Security fixes for PowerPoint 2010
• KB3128030 Security fixes for PowerPoint viewer 2010
• KB3141537 Security fixes for Publisher 2010

Office 2007

• KB4011062 Security fixes for Excel 2007
• KB4011065 Security fixes for Excel Viewer 2007
• KB3213644 Security fix for Office compat pack
• KB4011064 Security fix for Office compat pack
• KB3213646 Security fixes for Office 2007
• KB3213641 Security fixes for Office 2007
• KB3213649 Security fixes for Office 2007
• KB4011063 Security fixes for Office 2007
• KB4025869 Security fixes for Office 2007
• KB4025868 Security fixes for Office live meeting console
• KB4011086 Security fixes for Outlook 2007
• KB3213642 Security fixes for PowerPoint 2007
• KB3114428 Security fixes for Publisher 2007

Office 2003

• KB4011125 Patches for Word viewer 2003
• KB4011134 Patches for Word viewer 2003

Mac Updates

• KB3212225 Security update for Office Mac 2011

Server Admins

Look out for the following updates:

• KB3213658 Security patch for SharePoint Online Server 2016
• KB4011127 Security patch for SharePoint Server 2016
• KB4011112 Security Patch for SharePoint Server 2016
• KB3213562 Security patch for Office Web App server 2013
• KB4011115 Security patch for Project Server 2013
• KB4011118 Security patch for Project Server 2013
• KB4011117 Security update for SharePoint foundation 2013
• KB4011132 Security patch for SharePoint foundation 2013
• KB3213560 Security patch for SharePoint Server 2013
• KB4011113 Security patch for SharePoint Server 2013
• KB4011116 Security patch for SharePoint Server 2013
• KB4011133 Security patch for SharePoint Server 2013
• KB3213632 Security update for SharePoint Server 2010
• KB4011057 Security update for Project Server 2010
• KB4011056 Security update for SharePoint Server 2010
• KB4011058 Security patch for SharePoint Server 2010
• KB3191831 Security update for SharePoint Server 2007

What to do: Due to the number of remote code execution bugs in these, I’ll recommend you install these updates as soon as possible.

I would highly recommend installing KB4011165 as it fixes a known issue introduced by this month’s security update of KB4011050 causing black borders may appear around rows or cells in Excel spreadsheets when you enter text.

Holding Off on the Rest of Office Updates

Hold off as usual for the following non security updates that were released earlier this month:

Office 2016

• September 5, 2017 update for Access 2016 KB4011032 This update fixes an issue when you import data from a SharePoint list.
• September 5,, 2017, update for Office 2016 KB3191923 Fixes some high DPI issues for add-ins
• September 5, 2017, update for Office 2016 KB3203478 Fixes for Power Pivot.
• September 5, 2017, update for Office 2016 KB3203482 Fixes for PowerPivot
• August 22 2017, update for Office 2016 KB4011093 Fixes for August 1st introduced issues.
• September 5, 2017, update for Office 2016 KB4011099 Fixes for High resolution devices using 32 bit office.
• September 5, 2017, update for Office 2016 KB4011102 Fixing notifications for Dutch Word 2016.
• September 5, 2017, update for Office Language pack for 2016 KB4011098
• September 5, 2017, update for OneNote 2016 KB4011092
• September 5, 2017, update for Project 2016 KB4011101
• September 5, 2017, update for Visio 2016 KB4011096
• September 5, 2017, update for Word 2016 KB4011039Improves compatibility of Microsoft Word 2016 to allow real-time collaboration on cloud documents between the desktop client, iOS and Android.

Office 2013

• September 5, 2017, update for Office 2013 KB3172484 Improves Microsoft Audit and Control Management Server issues.
• September 5, 2017, update for Microsoft Audit and Control Management Server KB3172512
• September 5, 2017, update for Office 2013 KB3203486
• September 5, 2017, update for Office 2013 KB3213536
• September 5, 2017, update for Office 2013 KB4011087 Fixes issues with Office 2013 and emojies
• September 5, 2017, update for Office 2013 KB4011106
• September 5, 2017, update for Project 2013 KB4011109
• September 5, 2017, update for Visio 2013 KB3191936
• September 5, 2017, update for Word 2013 KB4011105

What to do: I recommend not installing these updates at this time.

On a final note, my best wishes to everyone in Florida in recovering from Irma. Here’s hoping that the rest of the Hurricane season will be very quiet and very uneventful.

Regularly Updated Problem Patch Chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch	Released	Description	Status
KB4038777	9-12	Windows 7 rollup	Install*
KB4034681	9-12	Windows 8	Install
KB4038788 [1703]	9-12	Windows 10 1703	Install
KB4038782 [1607]	9-12	Windows 10 1607	Install

*Hold: Please note if you’ve installed these updates and are not seeing any side effects you can leave the updates installed. I’m only recommended holding off if you are severely impacted by these side effects.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum.

Manage Your Junk Mail in Microsoft Outlook

You can get a better handle on the amount of spam invading your Outlook inbox.

Do you receive annoying spam messages in Microsoft Outlook? Junk mail has been a persistent problem for years. And although progress has been made in the fight against spam, we continue to get unwanted and potentially dangerous junk mail. Your email provider should already have a junk mail filter to block out spam, but some of it is still going to reach your inbox. How can you combat and manage the spam you get in Outlook? Microsoft’s email program offers its own junk mail filter, which you can customize to help stop spam while allowing legitimate mail to come through. You can click on a spam message to mark it as spam or click on a legitimate message falsely labeled as spam. You can also add email addresses and domains to your Safe Senders list and your Blocked Senders list. Let’s look at how you can manage your spam in Outlook.

For the purposes of this article, I’m using Microsoft Outlook 2016. But the steps apply equally to the past few versions of Outlook.

Before you even open Outlook, sign in to your email provider’s website and make sure the spam filter is turned on for your account. With most services, spam filtering is turned on by default. In some cases, you may need to check your settings for the service to enable the filtering. You can often create a safe senders list to make sure email from legitimate senders reaches you. And you should also review mail that’s been flagged and blocked as spam to see if any legitimate messages got caught in the list. If so, click on any emails that have been falsely tagged as junk and tag them as legit. Those messages are then sent to your inbox. By configuring your spam filter and other settings with your mail provider, you can stop spam before it even reaches Outlook.

Okay, let’s move to Outlook. Your first step is to configure your junk mail settings. To do this, right-click on any message and hover over the Junk command from the popup menu. From there, click on the setting for Junk E-Mail Options.

The Junk E-Mail Options window opens with the Options section selected. Here, you can review or change your level of junk mail protection. Outlook provides four options: 1) No Automatic Filtering; 2) Low; 3) High; and 4) Safe Lists Only.

If your mail provider is doing an effective job of filtering out spam, you may want to set your Outlook junk mail to No Automatic Filtering. If you are getting a fair amount of spam and want to test Outlook’s spam filter, choose the second option for Low. That attempts to filter out obvious spam while making sure legitimate messages are placed in your inbox. If you’re getting heavy doses of spam, you can consider the third option for High. The only drawback here is that a greater percentage of legitimate mail may get tagged as spam, so you’ll need to regularly review all Outlook messages tagged as junk. If you don’t receive much mail in general and are being inundated with spam, you might try out the fourth option for Safe Lists Only. In this case, only email from people or domains on your Safe lists will hit your inbox.

After you’ve chosen the level of protection, you can tell Outlook to permanently delete all mail tagged as junk rather than letting it drop in the Junk Email folder. If you do choose this option, make sure the setting to “Empty Deleted Items folders when existing Outlook” (which you can access by clicking on the File menu, then Options and then Advanced) is disabled. That will preserve any deleted messages so you have a chance to comb your spam for any legitimate items. Next, you should keep the settings for “Disable links and other functionality in phishing messages” and “Warm me about suspicious domain names” enabled to alert you to possible spam messages and potentially malicious content.

Click on the tab for Safe Senders. Here, you can add email addresses or domain names for senders whose mail should never be blocked regardless of the content or subject. To add someone, click on the Add button, type the address or domain name, and then click OK. To remove someone, select the entry for that person and then click on the Remove button. To revise an existing entry, click on the Edit button. You can tell Outlook to automatically trust email from anyone in your Contacts list and to add people that you email to the Safe Senders list. You can also import a list of addresses or domain names from a text file.

Next, click on the tab for Safe Recipients. If you subscribe to any mailing lists, you can add the addresses for those lists in this section to ensure that their messages are placed in your inbox. The process is the same as adding addresses or domain names to the Safe Senders list. Here, you can also import a list of names from a text file.

Next, click on the tab for Blocked Senders. You can add the address of anyone who spams you so that any future emails from that address are automatically tagged as spam.

Click on the tab for International. Here, you can block messages that are written in a foreign language or contain certain characters, with the idea that such messages can sometimes be spam.

Now that you’ve set up your spam filtering, how do you deal with specific messages? Let’s say you’ve received a spam message that got through to your inbox. Right-click on it and hover over the Junk command from the menu. Click on the command to Block Sender. The email is sent to your Junk Email folder and the sender is added to your Blocked Senders list.

What if a legitimate message is mistakenly flagged as spam. Right-click on that message and again move to the Junk command. You have a few options. Click on the Not Junk command to tell Outlook that the message is legit, in which case it’s moved to your inbox. You can also select the command to Never Block Sender, which puts the address in your Safe Senders list. You can select the command to Never Block Senders Domain, which puts the entire domain name in your Safe Senders list. And you can select the command to Never Block this Group or Mailing List, which puts the address in your Safe Recipients list.