Microsoft Retracts Solution for Outlook Bug Causing False Security Alerts

April 23, 2024

Microsoft has retracted a patch for a known issue with its Outlook email client that was causing false security warnings when users tried to open ICS calendar files after installing the December Outlook Desktop security updates. Users of Microsoft 365 were confronted with unexpected alerts stating 'Microsoft Office has identified a potential security concern' and 'This location may be unsafe' when attempting to open ICS files stored on their devices.

These alerts were triggered by the December security updates which were designed to patch an Outlook information disclosure vulnerability (CVE-2023-35636). This vulnerability could allow threat actors to steal NTLM hashes through maliciously crafted files and use them in Windows pass-the-hash attacks to access confidential data or move laterally within the network.

Microsoft initially addressed this issue in early April and began rolling the fix out with Outlook for Microsoft 365 Version 2404 Build 17531.20000 for Office Insiders in the Beta Channel. However, as stated in a support document updated on Tuesday, 'The Outlook Team found issues with the fix while it was being tested in the Insider channels.' As a result, the fix has been disabled and will be re-enabled after further changes. Microsoft has promised to provide an update as soon as the fix is ready for testing again.

In the interim, a temporary workaround is available for affected users: a registry key that disables the false security notifications. Be aware, however, that this workaround also suppresses the security prompts for all other potentially hazardous file types, not just ICS files. To implement it, a new DWORD key with a value of '1' must be added.

Affected Outlook users can also suppress the warnings by following the instructions in the 'Enable or disable hyperlink warning messages in Office programs' support document. Last month, Microsoft fixed another known issue that was causing some Outlook desktop clients to stop synchronizing with email servers via Exchange ActiveSync. The company also resolved a bug in February that was causing connectivity issues for Outlook.com users on desktop and mobile email clients.
