Microsoft is investigating an Outlook security vulnerability that could eventually reveal your Windows passwords
CVE-2023-35636 is not so dangerous but stay alert for any updates
Published on February 6, 2024
Microsoft prompted a security notice in Outlook that appears after installing the December security updates.
This issue is classified as CVE-2023-35636, which is listed as Important and is less likely to be exploited, although if it is, it could allow the disclosure of NTLM hashes.
An NTLM hash is a cryptographic format used by Windows to store passwords, and we don't need to tell you how important it is to keep them safe. They are stored in the Security Account Manager or the NTDS file of a domain controller.
What is the Outlook vulnerability all about?
The error occurs when you click an .ICS file: you are prompted with the following message: "Microsoft Office has identified a potential security concern. This location may be unsafe."
However, neither the security notice nor the vulnerability itself is threatening unless you open a specific file coming from an attacker.
Microsoft also issued a recommendation on how to stop getting this message by changing a registry key. Open the Registry Editor by typing regedit in the Run console (Ctrl + R). Then, go to the following path: HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common\security
Now, look for the DisableHyperlinkWarning DWORD and change its value to 1.
The only issue is that by changing this DWORD in the registry, you will disable all the security warnings in Office, not only the one for the .ICS files.
Microsoft recognized this issue and will address it in a future update, so make sure you install all the latest Microsoft 365 updates whenever you get them. After the update, retrace the steps above to re-enable the hyperlink warning: just change the DWORD value back to 0.
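Because the workaround silences every Office hyperlink warning, it is worth tracking where it has been applied so it can be reverted. The PowerShell function below is an added example, not code from Microsoft or from this article: it reports the state of the DisableHyperlinkWarning value for the current user and, with a switch, sets it back to 0. The registry path and value name come from the steps above; the function name, the `-Restore` switch and the output fields are assumptions made for illustration.

```powershell
# Added example: audit and revert the DisableHyperlinkWarning workaround.
# Registry path and value name are taken from the article; the function name,
# the -Restore switch and the output fields are illustrative.
function Test-HyperlinkWarningWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Restore   # set the value back to 0 when the workaround is active
    )

    $path = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Security'
    $name = 'DisableHyperlinkWarning'

    # A missing key or value means the workaround was never applied for this user.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            User = $env:USERNAME; State = 'NotConfigured'; Value = $null; Restored = $false
        }
    }

    $value    = [int]$item.$name
    $state    = if ($value -eq 1) { 'WarningsDisabled' } else { 'WarningsEnabled' }
    $restored = $false

    # Only write to the registry when asked to, and only if warnings are off.
    if ($Restore -and $value -eq 1 -and
        $PSCmdlet.ShouldProcess("$path\$name", 'Set to 0')) {
        Set-ItemProperty -Path $path -Name $name -Value 0 -Type DWord
        $restored = $true
        $state    = 'WarningsEnabled'
        $value    = 0
    }

    [pscustomobject]@{
        User = $env:USERNAME; State = $state; Value = $value; Restored = $restored
    }
}

# Report only; makes no changes.
Test-HyperlinkWarningWorkaround

# After the fixed update is installed, revert (add -WhatIf to preview):
# Test-HyperlinkWarningWorkaround -Restore
```

The value lives under HKEY_CURRENT_USER, so the check has to run in each affected user's session to see that user's setting.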
Claudiu Andone
Windows Troubleshooting Expert
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft.
His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school.
With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!