Microsoft is investigating an Outlook security vulnerability that would ultimately reveal your Home windows passwords

Microsoft prompted a security discover in Outlook that happens after putting in the December security updates.

This concern is assessed because the CVE-2023-35636 which is listed as vital and it’s much less prone to be exploited, though whether it is, it might enable the disclosure of NTLM hashes.

A NTLM hash is a cryptographic format utilized by Home windows to retailer passwords, and we don’t must inform you how vital it’s to maintain them protected. They’re saved within the Safety Account Supervisor or the NTDS file of a website controller. 

What’s the Outlook vulnerability all about?

The error happens once you click on an .ICS file and you may be prompted with the next message: Microsoft Workplace has recognized a possible security concern. This location could also be unsafe.

Nonetheless, the security discover or the vunerability itself shouldn’t be threatening until you open a particular file comming from an attacker.

Microsoft additionally issued a advice on the right way to cease getting this message, by altering a registry key. Open the Registry Editor by typing regedit within the Run console (Ctrl + R). Then, go to the next path: HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity

Now, search for the DisableHyperlinkWarning DWORD and alter its worth to 1.

The one concern is that by altering this DWORD within the registry, you’ll disable all of the security warnings in Workplace, not solely the one for the .ICS recordsdata.

Microsoft acknowledged this concern and it is going to be addressed in a future replace so be sure to set up all the newest Microsoft 365 updates everytime you get them. Additionally, after the replace retrace the steps above to reenable the Hyperlink Warning. Simply change the DWORD worth to 0 to do this.

Did you get the vulnerability warning in Outlook? Inform us about the issue within the feedback part under.