Thursday September 19, 2024

Advisory ID: NCC-CSIRT-120224-004

Summary: 

Microsoft is investigating an issue where Outlook security alerts are triggered when users open .ICS calendar files after installing the December 2023 Patch Tuesday Office security updates. ICS is the iCalendar file format used by Outlook. Affected users see dialog boxes warning that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when they double-click locally saved ICS files.

Threat Type(s): Vulnerability

Impact/Vulnerability: HIGH/CRITICAL

Product(s): Microsoft 365

Platform(s): Microsoft Outlook

Version(s): All Versions.

Description: 

Once a security update addressing the Microsoft Outlook information disclosure vulnerability (CVE-2023-35636) is deployed, the security warning will be displayed. Failure to apply the patch may enable attackers to exploit the vulnerability, potentially tricking users with unpatched Outlook installations into opening maliciously crafted files, thereby compromising their hidden Windows credentials.

Consequences: Attackers can use the victim’s obfuscated Windows credentials to authenticate as the compromised user, gain access to sensitive data, or spread laterally on the victim’s network.

Solution: 

Impacted users can disable the dialog by following the step-by-step instructions available in the link below:

https://learn.microsoft.com/en-gb/microsoft-365/troubleshoot/administration/enable-disable-hyperlink-warning#how-to-globally-enable-or-disable-hyperlink-warnings

References: