Microsoft Outlook December updates trigger ICS security alerts

Microsoft Outlook December updates trigger ICS security alerts

February 5, 2024 at 05:07PM

Microsoft is investigating an issue where Outlook triggers security alerts when opening .ICS calendar files post-December 2023 Patch Tuesday Office updates. Users are affected by warning dialog boxes, and the company is working on a fix for this bug and related security warning due to CVE-2023-35636. A temporary registry key workaround is available while Microsoft addresses the issue.

Based on the meeting notes, here are the key takeaways:

– Microsoft is currently investigating an issue with Outlook security alerts triggered when opening .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
– Affected Microsoft 365 users are receiving security warning dialog boxes and are advised that this behavior is unexpected and will be addressed in a future update.
– The security warning is a result of a security update patching the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability, which, if left unpatched, could be exploited by attackers to steal NTLM hashes.
– Microsoft has provided a temporary workaround in the form of a registry key to disable the security notice. However, it’s important to note that this will stop receiving security prompts for all other potentially dangerous file types, not just ICS calendars.
– Impacted customers can also disable the dialog by following the step-by-step instructions available in the ‘Enable or disable hyperlink warning messages in Office programs’ support document.
– In addition to the current issue, Microsoft also recently addressed other known bugs related to Outlook, including problems with connecting to Outlook.com accounts and issues with sending emails from Outlook with lots of folders.

Let me know if you need further assistance or any additional information.

Full Article