Microsoft Outlook December Updates Flash Security Concerns in ICS Systems

Microsoft is looking into an issue that causes Outlook security alarms when users attempt to view ICS calendar files. It was taken into consideration after installing the December 2023 Patch Tuesday Office security upgrades.

This problem affects Microsoft 365 users. When double-clicking ICS files stored locally, they warn that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe".

On this support page, Microsoft notes that "This behavior is not expected when opening ICS files." This is an issue, which will be fixed in a future release.

The corporation also stated that the security alert will appear when a security update is deployed. Later, it will address the CVE-2023-35636 Microsoft Outlook information disclosure issue.

If the information is not fixed, attackers can leverage the security hole to deceive users of unpatched Outlook installations. It enables them to access maliciously constructed files and steal NTLM hashes (their obfuscated Windows credentials).

Attackers can then utilize them to 

  •  Authenticate as the hacked user.
  • Get access to sensitive info.
  • Spread laterally over their network.

In the interim, Redmond provided a temporary remedy for anyone who had previously been afflicted by this malicious behavior. However, it is crucial to remember that you will no longer receive security alerts for any other potentially harmful file formats, including ICS calendars. Those impacted by this known problem must create a new DWORD key with the value '1' to:

  • HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity (group policy registry path)
  • ComputerHKEY_CURRENT_USERSoftwareMicrosoftOffice16.0CommonSecurity (OCT registry path).
  • The afflicted users can also disable the dialog by following the step-by-step instructions in the support article 'Enable or disable hyperlink warning messages in Office products'.

It has also been noted that Microsoft resolved another known Outlook bug earlier this month. It causes desktop and mobile email applications to fail to connect to Outlook.com accounts.

In December, the business resolved two further problems. These flaws were causing issues for users with multiple folders while sending emails. Additionally, it causes Outlook Desktop clients to break when sending emails from Outlook.com accounts.

 

Latest Updates

Search

Recent News

Blog Images

Microsoft Addresses Exploited Zero-Day in May 2024: CVE-2024-30051 and CVE-2024-30040 Resolved

Blog Images

Dell Data Breach: Hacker Compromises Customer Phone Numbers and Service Reports

Blog Images

Apple Implements RTKit iOS Zero-Day Fix for Older iPhone Models

Blog Images

OpenAI Unveils GPT-4o: Faster, Enhanced Model Now Available Free for All ChatGPT Users

Blog Images

Proof of Concept (PoC) Unveiled for Severe PuTTY Private Key Recovery Vulnerability

Blog Images

Europol Has Mourned a Data Breach Asserted by Scandalous Cyberpunk IntelBroker

Blog Images

Monday.com eliminates "Share Update" feature due to misuse in phishing attacks

Blog Images

Fresh Malware Targeting Windows and MS Office Users Emerges

Blog Images

This year Google sets the fifth Chrome zero-day manipulated in assault

Blog Images

Russian military cyberpunks target its govt networks, said Poland

Blog Images

An infinite loop DNS lookup vulnerability has been reported in Golang

Blog Images

Data Breach Investigation by Zscaler After Hacker Claims Access for Sale

Blog Images

Microsoft Forthrightly Permits MS-DOS 4.0 Source Code

Blog Images

PlugX USB worm Contaminated Over 2.5M Appliances

Blog Images

Amid U.K. regulatory scrutiny, Google scraps deprecating third-party cookies

Blog Images

Hacker Forums Claim Of A Zero-Day Exploit For Windows LPE

Blog Images

Elimination Of Offlrouter Malware Discovery In Ukraine For Nearly A Decade

Blog Images

Usage of Lua Bytecode By A Novel Redline Stealer Version To Ensure Confidentiality

Blog Images

Master Password Hacking And Account Hijacking By Introducing LastPass Employee

Blog Images

Cisco Displays AI-Powered Automated Vulnerability Hypershield

Blog Images

Customization Of LockBit 3.0 Ransomware By Attackers To Hack Orgs Globally

Blog Images

Pupy RAT Used by Attackers To Hack Linux Systems

Blog Images

Palo Alto Networks Firewall Vulnerabilities Encourage Hackers To Interrupt Systems

Blog Images

Escalation Of Microsoft Email Breach By Russian-Backed Hacker Group

Blog Images

Attack Of Exotic Visit Spyware Campaign On Indian And Pakistani Android Users

Blog Images

Major Adobe Security Flaws Allow Hackers To Launch Arbitrary Code Remotely

Blog Images

Provision Of New Automation Assistance For AI Safety And Governance By Cypago

Blog Images

Discovery Of LG Smart TV Flaws Empowering Restricted Access To Devices

Blog Images

French Football Club PSG Ticketing System Hacked In Cyber Attack

Blog Images

Vulnerability Of Multitude Of CISCO Small Business Routers To XSS Attacks

Blog Images

Enormous boAt Data Breach: Personal Data of 7.5 Million Customers Compromised

Blog Images

CoralRaider Hackers Grab Financial Information, Social Media Passwords, And Account Credentials

Blog Images

JsOutProx Malware Manipulation of GitLab to Target Financial Services Organizations

Blog Images

Hackers AI Package Hallucination Technique To Abuse ChatGPT, Gemini & To Spread Malware

Blog Images

D-Link NAS Command Injection Vulnerability Influence On 92k Devices

Blog Images

Removal Of Billions Of Browsing Records In incognito Mode By Google For Lawsuit Settlement

Blog Images

Massive Phishing Campaign For Deploying Venom RAT In Latin America Sectors

Blog Images

Launch of 20,000 Phishing Domains By Phishing-as-a-Service Platform To Attack 100+ Nations

Blog Images

Octopus Server Vulnerability Enable Attackers Strengthen Privilege

Blog Images

Upstream Xz/Liblzma Backdoor’s Allowance To Attackers To Knock Out SSH Servers

Blog Images

Linux Servers Targeted By DinodasRAT Linux Malware Attack To Acquire Backdoor Access

Blog Images

Hackers Attack on macOS Users Using Malicious Ads Increasing Stealer Malware

Blog Images

AT&T Data Breach: Leakage of 73 Million of Customers Data in Dark Web

Blog Images

6,000 ASUS Routers Hacked By The Moon Malware In 72 hours To Use For Proxy

Blog Images

Wireshark 4.2.4 Released: Whats New?!

Blog Images

Data Leaked from Shopify Plugins nearly 2k stores

Blog Images

Hackers Are Using SQL Injection Vulnerabilities to Take Down Servers, According to CISA & FBI

Blog Images

7 Chinese Govt Cyberpunks Accused for 14-year Hack Campaign

Blog Images

Rank Math SEO Plugin Vulnerability Leaves 2+ Million Websites Open to Cyber Attack

Blog Images

Hackers Target Top-gg and Other Companies with a Supply Chain Attack by Hijacking GitHub Accounts

Blog Images

United States Fines a Man with $9.9 Million for Distributing Thousands of Intruding Robocalls

Blog Images

Patch Now for the Two Firefox Zero-Day Exploits at Pwn2Own

Blog Images

Attacking Linux Systems Using x86 Architecture with AcidPour

Blog Images

Amazon Repairs the Serious FlowFixation Flaw in Airflow Service to Stop Session Hijacking

Blog Images

Players of Apex Legends Fear an RCE Vulnerability Following ALGS Hacks

Blog Images

A New Script-Based Attack Using VBScript and PowerShell

Blog Images

Russian Hackers May Have Attacked Ukrainian Telecom Providers Using Up-To-Date AcidPour Malware

Blog Images

Current Windows Server Updates Cause Crashing & Rebooting Domain Controllers

Blog Images

US Sanctions Russians for Cyber Influence Campaign Behind the “Doppelganger”

Blog Images

New Malware Variant Surfaces for BunnyLoader Featuring Modular Attack Functionalities

Blog Images

Beware of This Free Wedding Invite WhatsApp Scam That Steals Personal Information

Blog Images

Hackers Attacking Cyberspace with Weaponized SVG Files

Blog Images

Attackers Using CryptoWire Ransomware Abuse Scheduled Tasks to Continue

Blog Images

WordPress Administrators Requested Removal of miniOrange Plugins Owing to Serious Error