Security News > 2024 > April > Microsoft fixes Outlook security alerts bug caused by December updates

Microsoft fixes Outlook security alerts bug caused by December updates
2024-04-04 19:14

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening.

ICS calendar files after installing the December 2023 Outlook Desktop security updates.

The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.

Microsoft has now found a fix for this issue and is shipping it with Outlook for Microsoft 365 Version 2404 Build 17531.

Microsoft Outlook December updates trigger ICS security alerts.

Microsoft fixes Outlook clients not syncing over Exchange ActiveSync.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-outlook-security-alerts-bug-caused-by-december-updates/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-35636 Unspecified vulnerability in Microsoft products
Microsoft Outlook Information Disclosure Vulnerability
network
low complexity
microsoft
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 714 869 4793 4397 3718 13777