Microsoft is investigating an issue that triggers Outlook security alerts when trying to open.
ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
The company also revealed that the security warning will be displayed after deploying a security update that patches the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability.
The security flaw can be exploited by attackers to trick users of unpatched Outlook installations into opening maliciously crafted files to steal NTLM hashes.
The attackers can later use them to authenticate as the compromised user, gain access to sensitive data, or spread laterally on their network.
Until a resolution is available, Redmond shared a temporary fix for those impacted in the form of a registry key that would disable the security notice.
Once this workaround is deployed, it's also important to note that you'll stop receiving security prompts for all other potentially dangerous file types, not just ICS calendars.
Impacted customers can also disable the dialog by following the step-by-step instructions available in the 'Enable or disable hyperlink warning messages in Office programs' support document.
Microsoft fixed another known Outlook issue earlier this month, causing desktop and mobile email clients to fail to connect when using Outlook.com accounts.
In December, the company addressed two more bugs causing problems for users with lots of folders when sending emails and one more causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts.
Microsoft: Outlook email sending issues for users with lots of folders.
Microsoft says Outlook apps can't connect to Outlook.com.
Microsoft fixes connection issue affecting Outlook email apps.
One year of Microsoft 365 for one user is now $45 in this deal.
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 05 Feb 2024 22:05:41 +0000