Friday, April 5, 2024

Microsoft Resolves Outlook Security Alert Issue Triggered by .ICS Calendar Files

Microsoft has successfully addressed a critical issue that has been causing erroneous security alerts in Outlook desktop applications when opening .ICS calendar files. This problem surfaced after users installed the December 2023 security updates for Outlook Desktop.

The security updates issued during the December Patch Tuesday aimed to fix the CVE-2023-35636 vulnerability in Microsoft Outlook, which had the potential to disclose sensitive information. Attackers could exploit this vulnerability to steal NTLM hashes through specially crafted files. These credentials could then be used in pass-the-hash attacks to gain unauthorized access to sensitive data or to spread laterally across networks.


Users affected by this issue encountered warning dialog boxes stating that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when attempting to open locally saved .ICS files.


Microsoft acknowledged this issue in February, clarifying that such behavior was not expected when opening .ICS files, and promised a fix in a future update.


Now, Microsoft has rolled out a solution with the release of Outlook for Microsoft 365 Version 2404 Build 17531.20000 in the Beta Channel. Users who wish to test the fix can do so through the Office Insider Channels.


For those in the Current Channel, the fix is scheduled to be released on April 30th. Following successful testing, the fix will be backported to Version 2402 for the Semi-Annual Enterprise Channel (Preview) during the June 2024 Patch Tuesday.


In the meantime, users experiencing the issue can temporarily disable the erroneous security notifications using a registry key workaround. However, it's essential to note that implementing this workaround will also disable security prompts for other potentially dangerous file types.


To apply the workaround, users must add a new DWORD value set to '1' under the specified registry path.


Additionally, Outlook users can disable warning dialogs by following instructions provided in the 'Enable or disable hyperlink warning messages in Office programs' support document.


This fix comes after Microsoft addressed another known Outlook issue last month, which caused some Outlook desktop clients to stop syncing with email servers via Exchange ActiveSync. The company has been proactive in resolving various Outlook-related issues, including connection problems with Outlook.com on desktop and mobile email clients back in February.
