Microsoft is investigating a problem that triggers Outlook safety alerts when making an attempt to open .ICS calendar information after putting in December 2023 Patch Tuesday Workplace safety updates.
Microsoft 365 customers affected by this problem report seeing dialog packing containers warning them that “Microsoft Workplace has recognized a possible safety concern” and that “This location could also be unsafe” when double-clicking ICS information saved domestically.
“This habits will not be anticipated when opening .ICS information. It is a bug and shall be addressed in a future replace,” Microsoft explains in this help doc.
The corporate additionally revealed that the safety warning shall be displayed after deploying a safety replace that patches the CVE-2023-35636 Microsoft Outlook data disclosure vulnerability.
If left unpatched, the safety flaw could be exploited by attackers to trick customers of unpatched Outlook installations into opening maliciously crafted information to steal NTLM hashes (their obfuscated Home windows credentials).
The attackers can later use them to authenticate because the compromised person, achieve entry to delicate knowledge, or unfold laterally on their community.
Workaround accessible
Till a decision is accessible, Redmond shared a brief repair for these impacted within the type of a registry key that might disable the safety discover.
Nonetheless, as soon as this workaround is deployed, it is also essential to notice that you’re going to cease receiving safety prompts for all different probably harmful file varieties, not simply ICS calendars.
These affected by this recognized problem have so as to add a brand new DWORD key with a worth of ‘1’ to:
- HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity (Group Coverage registry path)
- ComputerHKEY_CURRENT_USERSoftwareMicrosoftOffice16.0CommonSecurity (OCT registry path)
Impacted prospects may disable the dialog by following the step-by-step directions accessible within the ‘Allow or disable hyperlink warning messages in Workplace packages‘ help doc.
Microsoft fastened one other recognized Outlook problem earlier this month, inflicting desktop and cell e-mail purchasers to fail to attach when utilizing Outlook.com accounts.
In December, the corporate addressed two extra bugs inflicting issues for customers with plenty of folders when sending emails and yet one more inflicting Outlook Desktop purchasers to crash when sending emails from Outlook.com accounts.
