
Microsoft Temporarily Withdraws Outlook Security Update Due to False Alerts

Microsoft pulled an Outlook update due to false security alerts in calendar files. A temporary fix disables other security prompts too.

Microsoft has recently withdrawn a security update for Outlook after it was found to cause incorrect security alerts when users opened ICS calendar files. The issue emerged following the December security updates for the Outlook Desktop application, which were intended to address an information disclosure vulnerability identified as CVE-2023-35636. This vulnerability could allow attackers to steal NTLM hashes using maliciously crafted files, facilitating unauthorized access to sensitive data or lateral movement within a network.

Details of the Issue and Temporary Workaround

Microsoft initially fixed the problem caused by the updates in early April, distributing the fix in Outlook for Microsoft 365 Version 2404 Build 17531.20000 to Office Insiders in the Beta Channel. However, during testing in the Insider channels, the Outlook Team discovered issues with the fix and temporarily disabled it. Microsoft has announced that the fix will be re-enabled after further modifications and has promised an update as soon as the revised fix is ready for testing again.

In the meantime, Microsoft has provided a temporary workaround for users affected by the false security alerts. This involves adding a new DWORD registry value set to ‘1’ under specific registry paths, which disables the false security notifications. Note, however, that applying this workaround also disables security prompts for all other potentially dangerous file types, which increases exposure to security threats.

Previous Issues and Fixes

This is not the first time Microsoft has had to address issues with Outlook following updates. Last month, the company resolved an issue that prevented some Outlook desktop clients from synchronizing with email servers through Exchange ActiveSync. Additionally, in February, Microsoft fixed a bug that caused connection problems for [Outlook.com](http://Outlook.com) users on both desktop and mobile email clients. These incidents highlight the ongoing challenges in maintaining the security and functionality of widely used software applications like Outlook, especially in the face of sophisticated cyber threats.

Last Updated on November 7, 2024 8:51 pm CET

Source: Microsoft
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
