How to recall a message sent in Microsoft Outlook

Shocked stressed woman looking at laptop reading negative surprise online

Image: fizkes, Getty Images/iStockphoto

It’s inevitable. You send someone an email in Microsoft Outlook. And then you realize for one reason or another that the message has a mistake or that it shouldn’t have been sent at all. You can fix your error after the fact by recalling a message. Using the recall feature under the right conditions, your previous email is deleted without the recipient ever seeing it. You can also send a replacement message with the correct information.

SEE: How to add a drop-down list to an Excel cell (TechRepublic)

There are some requirements if the recall feature is to work properly. For your recalled message to be deleted, both you and the recipient must have a Microsoft 365 Business account or Microsoft Exchange email account in the same organization, meaning the same Exchange system on the backend. The email must have been delivered to the recipient’s mail server but it must not have been read yet.

However, even if you and the recipient use different email clients or backend systems, or you fail to recall the message before it’s been read, the recall feature can still serve a purpose. Though the initial email won’t be deleted, the recipient receives a follow-up message indicating that you want to recall the previous email. That tells them that your initial email is incorrect or invalid for some reason. You should then follow up your initial email and recall message with another email that contains the right information or corrects the initial one.

SEE: 50 time-saving tips to speed your work in Microsoft Office (free PDF) (TechRepublic)

How to recall a message in Microsoft Outlook

To try this, open Outlook. Start a new email and address it to the recipient. Send the email (Figure A).

Figure A

figure-a.jpgfigure-a.jpg

Now, let’s say you notice an error in your email and want to recall it. Open the email from your Sent Items folder. Select the Actions icon and click the option to Recall This Message (Figure B).

Figure B

figure-b.jpgfigure-b.jpg

The Recall This Message window offers two options. Choosing to “Delete unread copies of this message” tries to remove the message with no follow up. Choosing to “Delete unread copies and replace with a new message” gives you an opportunity to immediately send a follow-up message with the correct information. To learn if the recall succeeds, keep the box checked for “Tell me if recall succeeds or fails for each recipient.” Click OK (Figure C).

Figure C

figure-c.jpgfigure-c.jpg

If you chose the option to replace with a new message, a new email appears with the text from the original message so you can fix the problem and send the corrected version (Figure D).

Figure D

figure-d.jpgfigure-d.jpg

If you and the recipient use the same Microsoft 365 Business or Exchange backend environment, then the email should be deleted from the recipient’s inbox automatically. If so, you’ll receive an email indicating that the recall was successful for that particular user.

If you and the recipient use different email clients or backend mail services, the initial email remains in that person’s inbox. A follow-up email then arrives that tells the recipient that you would like to recall the message. You then have to rely on your recipient to ignore or delete the original message in favor of the corrected one (Figure E).

Figure E

figure-e.jpgfigure-e.jpg

For more information on the different recall scenarios, check out Microsoft’s support page on “Recall or replace an email message that you sent.”

Microsoft Weekly Newsletter

Be your company’s Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays

Sign up today

Also see

Related:

  • No Related Posts

PegaSys Ethereum Suite Added to Microsoft’s Azure Marketplace

PegaSys Ethereum Suite Added to Microsoft’s Azure Marketplace

A partnership between two founding members of the Enterprise Ethereum Alliance (EEA) will be bringing PegaSys Ethereum suite to the Microsoft Azure Marketplace.

According to ConsenSys, the partnership with Microsoft that will enable developers access tools needed to manage a full-scale Enterprise Ethereum network via Microsoft’s Azure marketplace.

The @PegaSysEng#Ethereum suite will be available on the Microsoft @Azure Marketplace. #PegaSysAzurehttps://t.co/maehht3k2D

— ConsenSys (@Consensys) May 8, 2020

The Ethereum development studio in its press release noted that developers would be able to access the PegaSys Ethereum Suite through the Azure Marketplace to build private networks and operate on the Ethereum mainnet.

Notably, the PegaSys Ethereum Suite, which includes Hyperledger Besu, PegaSys Plus, and PegaSys Orchestrate, will help developers deploy multi-node networks with blockchain explorers, monitoring, and dashboards.

Additionally, the principal program manager of blockchain engineering for Microsoft, Yorke E. Rhodes III, expressed his happiness towards the new offering.

He said, “Microsoft would continue to advance the enterprise quality and tooling for blockchain networks.” Adding that blockchain development is core to serving the needs of customers using Azure.

Notably, the Microsoft Azure Marketplace is like an app store for developers. Where they can purchase software licenses or sample products that help them build their tools.

Users embracing the PegaSys Suite

The general public has well received the PegaSys Ethereum Suite. According to Dan Heyma, a member of the PegaSys team, there have already been over 130,000 downloads of the suite. In addition to over 200 enterprise networks built with Besu.

Heyman noted that the addition of suite to the marketplace wouldn’t only increase visibility but also improve developers’ experience.

“Our close collaboration with Microsoft improves our performance on Azure as well as lays the foundation for deeper collaboration on future Ethereum offerings,” he said.

PegaSys is the protocol engineering group at ConsenSys. Which is also the Brooklyn, New York-based firm known for incubating Ethereum projects.

Long-lasting partnership

ConsenSys and Microsoft have been in partnership for a long time now. Both software companies have been together since the first Visual Studio plug-in for Solidity in 2016.

They also partnered in the forming of the Enterprise Ethereum Alliance. To create the very enterprise Ethereum client specification that Hyperledger Besu uses.

Notably, Hyperledger Besu is an open-source Ethereum client written in Java’s programming language.

Microsoft recently launched a new crypto initiative that enables the crypto mining system performs online functions. The initiative also aims to make use of search engines, chatbots and reading ads. Through involuntary body activities like brain waves and body heat.

Also, last year tech giant Microsoft got into the cryptocurrency space by partnering with leading blockchain gaming platform, Enjin. Microsoft launched its very own reward system ERC1155 collectibles and introduced Azure Heroes with Enjin to create a blockchain-based recognition program.

Related:

WEM Agent hung sporadically by logon on “application processing”

WEM Agent 1906 sporadically hung after few logins at “application processing”. just logoff and logon helps. Client OS: Citrix Virtual Apps Server with Windows Server 2016 (latest Updates)

Error Message in the Event Log:

Error while Configuring Registry Security for DOMAINtest1

Source: Norskale Agent Service Event ID: 0 2. Event Log one or all of the identity references could not be translated. Source: Norskale Agent Service Event ID: 0 Latest Citrix WEM Agent Log 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Registry Entry -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Xml Value -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Ini Value -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Simple String Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Split Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing String Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing SubString Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15EXCEL.EXE 17:56:55 Event -> VuemApplicationExecutor.ProcessVuemAppAutoLaunch() : Application -> MS Onenote (Id:17) -> AutoLaunch Disabled : Exiting 17:56:55 Event -> VuemApplicationExecutor.CreateDesktopShortcut() : Application -> MS Outlook (Id:13) -> Processing Desktop Shortcut… 17:56:55 Event -> VuemApplicationExecutor.CreateDesktopShortcut() : Application -> MS Word (Id:14) -> Processing Desktop Shortcut… 17:56:55 Event -> VuemApplicationExecutor.ProcessVuemAppAutoLaunch() : Application -> MS PowerPoint (Id:20056) -> AutoLaunch Disabled : Exiting 17:56:55 Event -> VuemApplicationExecutor.CreateDesktopShortcut() : Application -> MS Outlook (Id:13) -> Saving Desktop Shortcut… 17:56:55 Event -> VuemApplicationExecutor.DoPinToTaskBar() : Application -> MS Excel (Id:15) -> Processing TaskBar Pinned Shortcut… 17:56:55 Event -> VuemApplicationExecutor.SaveShortcut() : Working Directory: C:Program Files (x86)Microsoft OfficeOffice15 Target: C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE Arguments: 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing HashTags -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing User Attributes -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Printer Attributes -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> VuemApplicationExecutor.CreateDesktopShortcut() : Application -> MS Word (Id:14) -> Saving Desktop Shortcut… 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing User Parent OU -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Registry Entry -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Xml Value -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Ini Value -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Simple String Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Split Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing String Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing SubString Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15OUTLOOK.EXE 17:56:55 Event -> VuemApplicationExecutor.SaveShortcut() : Working Directory: C:Program Files (x86)Microsoft OfficeOffice15 Target: C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE Arguments: 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing HashTags -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing User Attributes -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Printer Attributes -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> VuemApplicationExecutor.DoPinToTaskBar() : Application -> MS Outlook (Id:13) -> Processing TaskBar Pinned Shortcut… 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing User Parent OU -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Registry Entry -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Xml Value -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing with Ini Value -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Simple String Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing Split Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing String Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> DynamicTokensController.ReplaceDynamicTokens() : Replacing SubString Operations -> no match found for : C:Program Files (x86)Microsoft OfficeOffice15WINWORD.EXE 17:56:55 Event -> VuemApplicationExecutor.DoPinToTaskBar() : Application -> MS Word (Id:14) -> Processing TaskBar

Related:

Microsoft releases Windows 10 builds 18363.815, 18362.815 with a ton of fixes

Patch Tuesday was only a week ago, but it’s now time for this month’s round of optional updates. Typically, Microsoft does this in several installments, offering updates to different versions at different times. But today, Windows 10 version 1909, 1903, 1809, 1803, and 1607 are all getting updates.

The reason that they’re all getting patched today is likely because this is going to be one of the last times to do it. Starting in May, Microsoft won’t be releasing optional cumulative updates anymore, only Patch Tuesday updates. This is to focus on stability for those working from home during the COVID-19 pandemic.

For those on Windows 10 versions 1909 and 1903, you’ll get KB4550945, bringing the build number to 18363.815 and 18362.815, respectively. You can manually download it here, and these are the highlights:

  • Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears.
  • Updates in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that generates unexpected notifications when you change the default application settings.
  • Updates an issue that causes Windows Update to stop responding when you check for updates.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears.
  • Addresses in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
  • Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
  • Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses an issue that generates unexpected notifications related to changing the default application settings.
  • Addresses an issue that causes the sign in screen to be blurry.
  • Addresses an issue that causes Windows Update to stop responding when you check for updates.
  • Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI).
  • Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM.
  • Addresses an issue that causes communication with the TPM to time out and fail.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
  • Addresses an issue that causes the Clipboard service to unexpectedly stop working.

Windows 10 version 1809 just had its support extended, and those users will get KB4550969, bringing the build number to 17763.1192. You can manually download it here, and these are the highlights:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes high CPU usage on Active Directory (AD) domain controllers when migrating to Windows Server 2019. This increases latency in Microsoft Exchange operations, causes Managed Store contention, and severely impacts index creation in Active Directory and the Global Catalog’s performance.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue that might cause the Remote Desktop Gateway service to stop working.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.
  • Addresses an issue that causes stop error 0x18 (REFERENCE_BY_POINTER) when Remote Desktop sessions redirect devices that are not input devices.

This one does have one known issue to be aware of:

Symptom Workaround
After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_ COMPONENT_NOT_FOUND.”
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.


For those running Windows 10 version 1803, which is only supported for Enterprise and Education SKUs, you’ll get KB4550944, bringing the build number to 17134.1456. You can manually download it here, and there’s one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses a Task Manager CPU frequency display issue that locks to the base frequency on devices equipped with certain CPUs.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that prevents certain apps from installing if they are published using a Group Policy Object.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.

Finally, Windows 10 version 1607 is still supported for LTSB and Windows Server 2016 customers, and they’ll get KB4550947, bringing the build number to 14393.3659. You can manually download it here, and it has the same one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that might prevent Dynamic Host Configuration Protocol (DHCP) servers from providing the right options to clients when a reservation exists.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue in Srv2.sys that might cause 0x18, 0xC2, and 0x19 errors.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.

This one also has one known issue:

Symptom Workaround
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.


As mentioned earlier, these updates are optional. That means that you can get it through Windows Update if you opt into it, or you can install it manually. If you choose to not take the update, these fixes will be bundled into next month’s Patch Tuesday updates.

Related:

  • No Related Posts

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby

Security Impact Rating: High

CVE: CVE-2020-3194

Related:

  • No Related Posts

Microsoft Exchange: 355000 Servers Lack Critical Patch

Governance & Risk Management , IT Risk Management , Patch Management

Fix Released in February Only Installed on 18 Percent of Servers, Rapid7 WarnsMathew J. Schwartz (euroinfosec) • April 8, 2020

Microsoft Exchange: 355,000 Servers Lack Critical Patch
Rapid7: Any attempts to exploit CVE-2020-0688 will leave artifacts in the Windows and IIS logs, including the name of the legitimate user account that was used.

Patch or perish alert: Less than than 20 percent of all Microsoft Exchange servers have received a fix for a serious flaw Microsoft first disclosed nearly two months ago, security firm Rapid7 warns.

See Also:Live Webinar | Can Medium-Sized Companies Automate Access to Critical Multi-Cloud IT Environments?

“As of March 24, there were over 350,000 Exchange servers exposing a version of the software that has this vulnerability,” writes Tom Sellers, a senior manager at Boston-based Rapid7 Labs, in a blog post.

The vulnerability could allow a remote attacker “to turn any stolen Exchange user account into a complete system compromise,” he says. “In many implementations, this could be used to completely compromise the entire Exchange environment – including all email – and potentially all of Active Directory” (see: Why Hackers Abuse Active Directory).

Microsoft addressed the remote-code-execution vulnerability – designated CVE-2020-0688 – via security updates it released on Feb. 11 for all supported versions of Microsoft Exchange. At least at that point, the flaw didn’t appear to have been targeted in the wild, the company said. The flaw was reported to Microsoft by an anonymous researcher via Trend Micro’s Zero Day Initiative.

“A remote-code-execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time,” Microsoft said in its security alert. “Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.”

Security Updates Include Patch

To fix the flaw, Microsoft pushed security updates for four base versions of Exchange:

  • Exchange Server 2010 service pack 3 update rollup 30;
  • Exchange Server 2013 cumulative update 23;
  • Exchange Server 2016 cumulative update 14;
  • Exchange Server 2016 cumulative update 15;
  • Exchange Server 2019 cumulative update 3;
  • Exchange Server 2019 cumulative update 4.

But the vast majority of these servers remain unpatched, according to a survey conducted by Project Sonar, Rapid7’s in-house internet scanning project (see: Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?).

“On March 24, we used Project Sonar to survey the internet for publicly facing Exchange Outlook Web App – OWA – services,” Sellers says. “What we found was that at least 357,629 (82.5 percent) of the 433,464 Exchange servers we observed were known to be vulnerable.”

Subsequently, Sellers added a caveat that 35,000 fewer servers might be vulnerable, owing to Microsoft’s fix for Exchange 2010 not updating the visible build information, meaning that scans alone could not tell if an Exchange 2010 system had been updated. Instead, organizations will need to manually verify that every such system has the update. Sellers says they should do the same for all Exchange 2013 and newer systems, noting that the build number alone should indicate if the relevant update is in place.

Check for Compromise

Rapid7 also recommends all organizations that use Exchange search for any signs that they have been compromised via this flaw.

“The exploit code that we tested with left log artifacts in the Windows Event Log and the IIS [Internet Information Services] logs on both patched and unpatched servers,” Sellers says, noting that the log error message will also name the compromised user account.

“You will see the username of the compromised account name at the end of the log entry,” according to Rapid7’s Tom Sellers

Because the attack requires a valid Exchange user account to succeed, “any user accounts seen in these exploitation attempts should be considered compromised,” Sellers says.

But Wait, There’s More

Unfortunately, the Project Sonar scans revealed more widespread problems than a lack of CVE-2020-0688 patching. Notably, Rapid7 researchers found 31,000 Exchange 2010 servers online that had received no updates since 2012, as well as 800 Exchange 2010 servers that have never been updated. It also saw 10,371 Exchange 2007 servers.

“In addition to the high numbers of servers that are missing multiple updates, there is a concerning number of Exchange 2007 and 2010 servers,” Sellers says, although he notes that Exchange 2007 is not vulnerable to CVE-2020-0688. Even so, the unsupported operating system long ago stopped receiving security updates, and now has a raft of critical flaws that attackers could exploit. “Exchange 2007 transitioned to ‘end of support’ status nearly three years ago, on April 11, 2017,” he says. “No security updates, bug fixes, time zone updates, etc., are provided after that date.”

Exchange 2010 was scheduled to reach end of support on Jan. 14, although that’s now been postponed until Oct. 13, 2020. “There are over 166,000 of these servers connected to the internet,” Sellers says. “That’s a staggering number of enterprise-class mail systems that will be unsupported in a few months.”

Related:

Supported Databases for Virtual Apps and Desktops (XenApp & XenDesktop) AND Provisioning (Provisioning Services)

Citrix is committed to ensuring that our products function with the latest Microsoft SQL databases. Citrix supplies reasonable efforts to ensure compatibility with upcoming database releases. New versions of supported databases released after our products have been released, must work. However, Citrix recommends creating a test environment to ensure there are no unforeseen issues related to changes made to the new version or update of the third-party product. Individuals wishing to use the new release with current Citrix products must perform their own testing before using the platform. Citrix does not support any BETA versions of third-party products.

Note:

  • This document will be updated periodically as new information becomes available.
  • The Cumulative Updates for SQL versions are not called out explicitly. They are an extension of the product and supported.

What has changed from the last release of the matrix

  • Updated support for Virtual Apps and Desktops 7 1912 LTSR
Supported Databases Virtual Apps and Desktops (XenApp/XenDesktop) 7.15 LTSR / 1909 / 1912 LTSR XenApp/XenDesktop 7.6 LTSR Provisioning Services 7.15 LTSR / 1909 / 1912 LTSR Provisioning Services 7.6 LTSR XenApp 6.5 HRP07
SQL 2017
x64 Yes Yes Yes (1) Yes (1) Yes
Express Yes Yes Yes (1) Yes (1) Yes
SQL 2016 SP1, SP2
x64 Yes Yes Yes (1) Yes (1) Yes
Express Yes Yes Yes (1) Yes (1) Yes
SQL 2014 SP1, SP2, SP3
x86 Yes Yes Yes (1) Yes (1) Yes
x64 Yes Yes Yes (1) Yes (1) Yes
Express Yes Yes Yes Yes Yes
SQL 2012 SP1, SP2, SP3, SP4
x86 Yes Yes Yes (1) Yes (1) Yes
x64 Yes Yes Yes (1) Yes (1) Yes
Express Yes Yes Yes Yes Yes
SQL 2012
x86 Yes Yes Yes (1) Yes (1) Yes
x64 Yes Yes Yes (1) Yes (1) Yes
Express Yes (2) Yes (2) Yes Yes Yes
SQL 2008 R2 SP2, SP3
x86 Yes Yes Yes Yes Yes
x64 Yes Yes Yes Yes Yes
Express Yes Yes Yes Yes Yes

  1. PVS 7.7 onwards Always ON is supported. PVS 7.11 introduced Multi-subnet Failover
  2. Known issue using SQL 2012 and above with XenDesktop, Refer to article ‘CTX132438 – Unable to Create New XenDesktop Site Using SQL 2012 Server’

Note:

  • The x86 and x64 versions of SQL (version 2012 and later) have been validated with Always On, Clustered, Standalone and Mirrored modes.
  • The Express edition has been validated only as Standalone.

Related: