Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop.
The company acknowledged the bug in early February after many Microsoft 365 customers reported seeing sudden warnings that “This location may be unsafe” and “Microsoft Office has identified a potential security concern” when double-clicking ICS calendar files.
The alerts have been tagged as inaccurate and are caused by the Outlook security updates. These updates patch an information disclosure vulnerability (CVE-2023-35636) that lets attackers steal NTLM hashes using maliciously crafted files.
The stolen NTLM hashes can then be used to carry out pass-the-hash attacks on Windows systems, gain access to sensitive data, or move laterally across the network.
Redmond fixed the issue in early April but rolled it back after shipping it to Office Insiders in the Beta Channel. “The Outlook Team found issues with the fix while it was being tested in the Insider channels,” Microsoft said.
However, in a new update to the same support document on Monday, the company said the known issue was finally fixed in the July 9th public update for Outlook Desktop.
Customers who applied a workaround recommended by Microsoft—requiring them to add registry keys that would disable the security notice—are advised to reverse it before installing the patched Outlook builds to ensure the bug has been addressed.
“If you set the registry keys below to temporarily disable the security notice, you can test removing them and confirm the latest fix addresses the issue,” Redmond explained.
“If you decide to use the registry key, please be aware it will stop security notice prompts for all types of files and not just for the .ICS files.”
Last month, Microsoft also announced that it would deprecate basic authentication for Outlook personal email accounts by September 16.
One month earlier, it shared a temporary fix for a bug preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client.