Microsoft has resolved a problem within Outlook that generated unwarranted security warnings when handling .ICS calendar files. This issue stemmed from the December 2023 security patch intended to close the CVE-2023-35636 vulnerability, a flaw attackers could use to steal sensitive user credentials.
The fix is currently released in the Beta Channel for Outlook for Microsoft 365 (Version 2404 Build 17531.20000). It’s scheduled to arrive in the Current Channel on April 30th, and a June 2024 update will bring the solution to the Semi-Annual Enterprise Channel (Preview).
Temporary Workaround
Until the official fix reaches all users, Microsoft provides a registry key workaround. Caution: This workaround will suppress security notifications for all potentially risky file types, not just .ICS files.
Additional Fixes
Microsoft’s recent efforts also include resolving Outlook desktop synchronization problems with Exchange ActiveSync and addressing Outlook.com connection issues. These fixes demonstrate Microsoft’s ongoing commitment to addressing bugs and vulnerabilities within the Outlook email platform.