April 23, 2024 at 05:57PM
Microsoft has reverted a fix for a known issue in Outlook, resulting in incorrect security alerts when opening ICS calendar files. The December security updates triggered these alerts, aiming to patch an information disclosure vulnerability. A temporary workaround is available, but it will disable security prompts for other file types. Users can apply the workaround via registry key.
Based on the meeting notes, the key takeaways are:
– Microsoft has rolled back a fix for a known Outlook issue related to incorrect security alerts when opening ICS calendar files after installing the December Outlook Desktop security updates.
– Affected Microsoft 365 users are seeing unexpected warnings related to potential security concerns when double-clicking ICS files saved on their devices.
– The December security updates triggering these alerts patch an Outlook information disclosure vulnerability (CVE-2023-35636).
– The fix for the issue was initially rolled out in early April and started shipping with Outlook for Microsoft 365 Version 2404 Build 17531.20000 to Office Insiders in the Beta Channel.
– The fix has been disabled due to issues found during testing in the Insider channels, and Microsoft plans to re-enable it after modifications.
– A temporary workaround is available for affected users, involving the use of a registry key to disable false security notifications. However, this will also stop security prompts for all other potentially dangerous file types.
– Instructions for applying the workaround can be found in the meeting notes.
– Last month, Microsoft resolved another known issue of Outlook desktop clients failing to synchronize with email servers via Exchange ActiveSync, as well as a bug in February that generated connection problems for Outlook.com users on desktop and mobile email clients.
Is there anything else you would like to know?