HomeWinBuzzer NewsMicrosoft Temporarily Withdraws Outlook Security Update Due to False Alerts

Microsoft Temporarily Withdraws Outlook Security Update Due to False Alerts

Microsoft pulled an Outlook update due to false security alerts in calendar files. A temporary fix disables other security prompts too.

-

has recently withdrawn a security update for Outlook after it was found to cause incorrect security alerts when users opened ICS calendar files. The issue emerged following the December security updates for the Desktop application, which were intended to address an information disclosure vulnerability identified as CVE-2023-35636. This vulnerability could potentially allow attackers to steal NTLM hashes from maliciously crafted files, facilitating unauthorized access to sensitive data or enabling lateral movements within a network.

Details of the Issue and Temporary Workaround

The problematic updates were initially fixed by Microsoft in early April, with the solution being distributed in Outlook for Microsoft 365 Version 2404 Build 17531.20000 to Office Insiders in the Beta Channel. However, during testing in the Insider channels, the Outlook Team discovered issues with the fix, leading to its temporary disablement. Microsoft has announced that the fix will be re-enabled after further modifications, promising updates on the topic as soon as the revised fix is ready for testing again.

In the meantime, Microsoft has provided a temporary workaround for users affected by the false security alerts. This involves adding a new DWORD key with a value of ‘1' to specific registry paths, effectively disabling the false security notifications. It is important to note, however, that applying this workaround will also disable security prompts for all other potentially dangerous file types, potentially increasing the risk of security threats.

Previous Issues and Fixes

This is not the first time Microsoft has had to address issues with Outlook following updates. Last month, the company resolved an issue that prevented some Outlook desktop clients from synchronizing with email servers through Exchange ActiveSync. Additionally, in February, Microsoft fixed a bug that caused connection problems for [Outlook.com](http://Outlook.com “‌”) users on both desktop and mobile email clients. These incidents highlight the ongoing challenges in maintaining the security and functionality of widely used software applications like Outlook, especially in the face of sophisticated cyber threats.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News