Microsoft pulls repair for Outlook bug behind ICS safety alerts

Microsoft has rolled again a repair for a recognized Outlook subject that was inflicting incorrect safety alerts when opening ICS calendar information after putting in the December Outlook Desktop safety updates.

Affected Microsoft 365 customers are seeing surprising warnings that “Microsoft Office has identified a potential security concern” and that “This location may be unsafe” when double-clicking ICS information saved on their gadgets.

The December safety updates triggering these alerts patch an Outlook data disclosure vulnerability (CVE-2023-35636) that may let attackers steal NTLM hashes by way of maliciously crafted information and use them in Home windows pass-the-hash assaults to entry delicate information or transfer laterally on the community.

Microsoft fastened the difficulty in early April and began transport it with Outlook for Microsoft 365 Model 2404 Construct 17531.20000 to Workplace Insiders within the Beta Channel.

“The Outlook Team found issues with the fix while it was being tested in the Insider channels,” the corporate mentioned in a assist doc up to date on Tuesday.

“Currently the fix has been disabled and will be re-enabled after some modifications. We will update this topic as soon as the fix is available again for testing.”

​For customers experiencing the difficulty, a short lived workaround is obtainable till the repair is launched, which requires utilizing a registry key to disable the false safety notifications.

Nonetheless, it is necessary to notice that this non permanent repair may also cease safety prompts for all different probably harmful file varieties.

To use the workaround, it’s a must to add a brand new DWORD key with a worth of ‘1’ to:

  • HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity (Group Coverage registry path)
  • ComputerHKEY_CURRENT_USERSoftwareMicrosoftOffice16.0CommonSecurity (OCT registry path)

Affected Outlook customers may also eradicate the warnings by following directions within the ‘Allow or disable hyperlink warning messages in Workplace packages‘ assist doc.

Final month, Microsoft resolved one other recognized subject, inflicting some Outlook desktop shoppers to cease synchronizing with e mail servers by way of Alternate ActiveSync.

The corporate additionally fastened a bug in February that generated connection issues for Outlook.com customers on desktop and cellular e mail shoppers.

Recent articles