Since the deployment of certain security updates, Microsoft Outlook users have encountered serious security alerts while trying to open ICS calendar files. To address this issue, Microsoft has temporarily rolled back the updates and advised users to disable the false warning using a registry key.
Affected users of Microsoft 365 have reported receiving alarming security warnings when attempting to open ICS files. The messages state that “Microsoft Office has identified a potential security concern” and warned, “This location may be unsafe.”
These alerts have been triggered by the December security updates designed to address an Outlook information disclosure vulnerability (CVE-2023-25636). This vulnerability allows attackers to steal NTLM potentially hashes through maliciously crafted files, subsequently using them in Windows pass-the-hash attacks to access sensitive data or move laterally within the network.
Initially fixed in early April, the solution was integrated into Outlook for Microsoft 365 Version 2404 Build 17531.20000 and distributed to Office Insiders in the Beta Channel.
However, the fix has been rolled back, making users susceptible to these erroneous security notifications.
For users grappling with the issue, Microsoft has introduced a temporary turnaround until the company permanently fixes the issue. This workaround involves adding a new DWORD key with a value of 1 to specific registry paths, effectively disabling the false security notification. However, it is crucial to recognise that implementing this temporary fix will also halt security prompts for other potentially dangerous file types.
“In the meantime, if you need to disable the security notice temporarily, you can use the registry key below. If you decide to use the registry key, please be aware it will stop security notice prompts for all types of files and not just for the .ICS files,” warned Microsoft.
Affected users can find detailed instructions for applying the workaround in the ‘Enable or disable hyperlink warning messages in Office programs‘ support document. This document provides a step-by-step guide to navigating the registry and mitigating the security alerts until a permanent solution is reinstated.
In the News: Google delays killing 3rd-party cookies in Chrome, again
