Microsoft is investigating a difficulty that triggers Outlook safety alerts when making an attempt to open .ICS calendar recordsdata after putting in December 2023 Patch Tuesday Workplace safety updates.
Microsoft 365 customers affected by this difficulty report seeing dialog packing containers warning them that “Microsoft Workplace has recognized a possible safety concern” and that “This location could also be unsafe” when double-clicking ICS recordsdata saved domestically.
“This conduct just isn’t anticipated when opening .ICS recordsdata. This can be a bug and will probably be addressed in a future replace,” Microsoft explains in this assist doc.
The corporate additionally revealed that the safety warning will probably be displayed after deploying a safety replace that patches the CVE-2023-35636 Microsoft Outlook info disclosure vulnerability.
If left unpatched, the safety flaw may be exploited by attackers to trick customers of unpatched Outlook installations into opening maliciously crafted recordsdata to steal NTLM hashes (their obfuscated Home windows credentials).
The attackers can later use them to authenticate because the compromised consumer, achieve entry to delicate information, or unfold laterally on their community.
Workaround accessible
Till a decision is on the market, Redmond shared a brief repair for these impacted within the type of a registry key that may disable the safety discover.
Nonetheless, as soon as this workaround is deployed, it is also vital to notice that you’re going to cease receiving safety prompts for all different probably harmful file varieties, not simply ICS calendars.
These affected by this recognized difficulty have so as to add a brand new DWORD key with a price of ‘1’ to:
- HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity (Group Coverage registry path)
- ComputerHKEY_CURRENT_USERSoftwareMicrosoftOffice16.0CommonSecurity (OCT registry path)
Impacted prospects also can disable the dialog by following the step-by-step directions accessible within the ‘Allow or disable hyperlink warning messages in Workplace packages‘ assist doc.
Microsoft fastened one other recognized Outlook difficulty earlier this month, inflicting desktop and cell electronic mail shoppers to fail to attach when utilizing Outlook.com accounts.
In December, the corporate addressed two extra bugs inflicting issues for customers with a lot of folders when sending emails and yet one more inflicting Outlook Desktop shoppers to crash when sending emails from Outlook.com accounts.