Microsoft pulls fix for Outlook bug behind ICS security alerts

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,624
Microsoft has rolled back a fix for a known Outlook issue that was causing incorrect security alerts when opening ICS calendar files after installing the December Outlook Desktop security updates.

Affected Microsoft 365 users are seeing unexpected warnings that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when double-clicking ICS files saved on their devices.

The December security updates triggering these alerts patch an Outlook information disclosure vulnerability (CVE-2023-35636) that can let attackers steal NTLM hashes via maliciously crafted files and use them in Windows pass-the-hash attacks to access sensitive data or move laterally on the network.

Microsoft fixed the issue in early April and started shipping it with Outlook for Microsoft 365 Version 2404 Build 17531.20000 to Office Insiders in the Beta Channel.

"The Outlook Team found issues with the fix while it was being tested in the Insider channels," the company said in a support document updated on Tuesday.

"Currently the fix has been disabled and will be re-enabled after some modifications. We will update this topic as soon as the fix is available again for testing."
Click to expand...
www.bleepingcomputer.com

Microsoft pulls fix for Outlook bug behind ICS security alerts

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: silversurfer, vtqhtr413, harlan4096 and 1 other person
Bot

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,515
Microsoft has temporarily withdrawn a fix for an Outlook bug that was causing incorrect security alerts for ICS calendar files after the December security updates. This issue affected Microsoft 365 users, who received unexpected warnings when opening these files. The fix was initially released in early April, but it was later found to have issues during testing. Microsoft plans to re-enable the fix after making necessary modifications.
 

Similar threads

silversurfer
    • Like
New Update Microsoft's Outlook for Android app can now be used to sign into other Microsoft services
Replies
1
Views
201
Office, email and business apps
Bot
Bot
Gandalf_The_Grey
    • Like
    • Thanks
    • Wow
Technology Microsoft says Outlook apps can’t connect to Outlook.com
Replies
5
Views
567
Technology News
TairikuOkami
TairikuOkami
silversurfer
    • Like
New Update Microsoft plans to bring native translation to Outlook Web soon
Replies
0
Views
362
Office, email and business apps
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top