Outlook Security Alert Issue Fixed by Microsoft
Microsoft has recently addressed and resolved an issue with Outlook that was causing incorrect security alerts for users opening ICS calendar files after installing the December Outlook Desktop security updates.
The security updates for December had triggered unexpected warnings for Microsoft 365 users, prompting them with messages like “Microsoft Office has identified a potential security concern” and “This location may be unsafe” when trying to open ICS files saved on their devices.
The root cause for this issue was an information disclosure vulnerability (CVE-2023-35636) in Outlook that could be exploited by attackers to steal NTLM hashes and use them for pass-the-hash attacks on the Windows network. To address this vulnerability, Microsoft rolled out a fix in early April as part of Version 2404 Build 17531.20000 for Office Insiders in the Beta Channel.
However, the Outlook Team discovered problems with the fix during testing in the Insider channels, leading to its temporary removal until modifications were made. This has caused inconvenience for affected users, but Microsoft has assured to reinstate the fix soon once the necessary adjustments have been made.
Workaround Available for Security Alert Issue
While the fix is being reworked, Microsoft has provided a workaround for users experiencing the security alert issue. The workaround involves adding a new DWORD key with a value of ‘1’ to the following registry paths:
- HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity (Group Policy registry path)
- ComputerHKEY_CURRENT_USERSoftwareMicrosoftOffice16.0CommonSecurity (OCT registry path)
However, it is important to note that this temporary solution will also prevent security prompts for all other potentially dangerous file types.
Alternatively, affected users can also refer to the ‘Enable or disable hyperlink warning messages in Office programs’ support document for steps to eliminate the security alerts.
Other Recent Outlook Issues Resolved by Microsoft
This is not the first time Microsoft has faced issues with Outlook. In the past, they have also addressed issues such as desktop clients not syncing with email servers via Exchange ActiveSync and connection problems for Outlook.com users on desktop and mobile email clients.
Keeping their commitment to providing high-quality security updates, Microsoft continues to work towards resolving any issues affecting Outlook and ensuring the safety of their users’ data.