Microsoft is investigating a security issue that could reveal users’ passwords

Microsoft has reported a security advisory in Outlook that occurs after installing the security updates released in December. Known as CVE-2023-35636, this issue is classified as important and could allow the disclosure of NTLM hashes (which store passwords on devices), although its exploitation by cybercriminals is unlikely.

Microsoft 365 DOWNLOAD

According to Windows Report, the error occurs when clicking on a .ICS file, displaying the following message: “Microsoft Office has identified a potential security concern. This location may not be safe.” However, the security warning or vulnerability itself does not pose a threat unless you open a specific file from an attacker.

Microsoft has also published a recommendation on how to stop receiving this message by changing a registry key. To do this, users must open the Registry Editor (by searching for it in the search bar) and go to the following path (without the quotes): “HKEY_CURRENT_USERsoftwarepoliciesmicrosoftoffice16.0commonsecurity”. Once there, we must look for the DWORD “DisableHyperlinkWarning” and change its value to 1.

Microsoft 365 DOWNLOAD

However, it should be noted that by changing this DWORD in the registry, all security warnings from Microsoft Office will be disabled, not just those for .ICS files. Microsoft is aware of this issue and claims that it will be fixed in a future update.