Microsoft Retracts Solution for Outlook Bug Causing False Security Alerts
April 23, 2024
Microsoft has pulled a fix for a known issue in its Outlook email client that caused false security warnings when users opened ICS calendar files after installing the December 2023 Outlook Desktop security updates. Microsoft 365 users were confronted with unexpected alerts reading 'Microsoft Office has identified a potential security concern' and 'This location may be unsafe' when attempting to open ICS files stored locally on their own devices.
The warnings were introduced by the December security updates, which patched an Outlook information disclosure vulnerability (CVE-2023-35636). The flaw let attackers use maliciously crafted files to make Outlook leak the user's NTLMv2 authentication hash. The leaked value is a Net-NTLMv2 challenge response rather than a raw NT hash, so the realistic follow-on is an NTLM relay attack against another service or offline cracking to recover the password, not pass-the-hash; either way the result can be access to confidential data or lateral movement within the network.
Microsoft initially addressed the issue in early April and began rolling the fix out with Outlook for Microsoft 365 Version 2404 Build 17531.20000 to Office Insiders in the Beta Channel. However, as stated in a support document updated on Tuesday, 'The Outlook Team found issues with the fix while it was being tested in the Insider channels.' As a result, the fix has been disabled and will be re-enabled once it has been modified. Microsoft said it will update the document as soon as the fix is ready for testing again.
In the interim, a temporary workaround is available for affected users. It consists of adding a new DWORD registry value set to 1 that disables the security notifications. Be aware that this value does not target ICS files specifically: it silences the security prompt for all other potentially hazardous file types as well, so it removes a protection and should be reverted once the real fix ships.
Affected Outlook users can also suppress the warnings by following the 'Enable or disable hyperlink warning messages in Office programs' support document.
Last month, Microsoft fixed another known issue that caused some Outlook desktop clients to stop synchronizing with email servers over Exchange ActiveSync. In February, the company resolved a bug that caused connectivity problems for Outlook.com users on desktop and mobile email clients.
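The registry workaround above, as an added PowerShell example that is not Microsoft's script and not part of the original article: it records the current setting, applies the DWORD, reports whether the prompts are currently disabled (useful for auditing a fleet later), and reverts the change. The article does not name the key or value; the path HKCU:\Software\Microsoft\Office\16.0\Common\Security and the value name DisableHyperlinkWarning are assumptions taken from the 'Enable or disable hyperlink warning messages in Office programs' support document for Office 2016 and later, and the backup file name is invented for this example. Check both against that document and your Office version before use.

```powershell
# Added example (not Microsoft's own code). Key path and value name are ASSUMED
# from the 'Enable or disable hyperlink warning messages in Office programs'
# support document (Office 16.0 = Office 2016/2019/2021/Microsoft 365).
$KeyPath    = 'HKCU:\Software\Microsoft\Office\16.0\Common\Security'
$ValueName  = 'DisableHyperlinkWarning'
# Backup location is invented for this example; any per-user path will do.
$BackupFile = Join-Path $env:LOCALAPPDATA 'outlook-ics-workaround-backup.json'

function Get-HyperlinkWarningState {
    # 'Enabled' = default (value absent), 'Disabled' = workaround active (value 1).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Enabled' }
    if ($item.$ValueName -eq 1) { return 'Disabled' }
    return "Unknown ($($item.$ValueName))"
}

function Enable-IcsWorkaround {
    # Save the pre-existing state so the change can be undone exactly.
    $before = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $existed = ($null -ne $before)
    $oldValue = $null
    if ($existed) { $oldValue = $before.$ValueName }
    @{ Existed = $existed; Value = $oldValue } | ConvertTo-Json | Set-Content -Path $BackupFile

    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    # DWORD = 1 disables the prompt. CAUTION: this affects ALL hyperlink/file
    # warnings for this user, not only ICS files (see the article's caveat).
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Warning 'Office hyperlink/file security prompts are now disabled for this user. Revert once the fix ships.'
}

function Disable-IcsWorkaround {
    # Restore whatever was there before; remove the value if it did not exist.
    if (Test-Path $BackupFile) {
        $saved = Get-Content -Path $BackupFile -Raw | ConvertFrom-Json
        if ($saved.Existed) {
            Set-ItemProperty -Path $KeyPath -Name $ValueName -Value ([int]$saved.Value)
        } else {
            Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        }
        Remove-Item -Path $BackupFile -Force
    } else {
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    }
}

# Usage:
#   Enable-IcsWorkaround        # apply the temporary workaround
#   Get-HyperlinkWarningState   # audit: should report 'Disabled' while it is active
#   Disable-IcsWorkaround       # revert once Microsoft re-ships the fix
```

The script writes only under HKCU, so it needs no elevation and affects only the current user; to audit which machines still carry the weakened setting after the fix ships, run Get-HyperlinkWarningState under each user context and look for anything other than 'Enabled'.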