Security News > 2024 > April > Microsoft fixes Outlook security alerts bug caused by December updates
2024-04-04 19:14
Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening.
ICS calendar files after installing the December 2023 Outlook Desktop security updates.
The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.
Microsoft has now found a fix for this issue and is shipping it with Outlook for Microsoft 365 Version 2404 Build 17531.
Microsoft Outlook December updates trigger ICS security alerts.
Microsoft fixes Outlook clients not syncing over Exchange ActiveSync.
News URL
Related news
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft releases Exchange hotfixes for security update issues (source)
- Microsoft pulls fix for Outlook bug behind ICS security alerts (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft warns Gmail blocks some Outlook email as spam, shares fix (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Surveillance by the New Microsoft Outlook App (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-35636 | Unspecified vulnerability in Microsoft products Microsoft Outlook Information Disclosure Vulnerability | 6.5 |