This morning we have started to see issues to accessing links within emails. Björn had linked in his comment to the discussion thread Outlook Hyperlinks – Not Working on, where a user reports the same. I read a similar entry in the following thread. Local files lead to a security message just like "external" links… – after uninstalling KB5002427 everything works. Links pointing to files on network drives(dfs) cause an error message (unexpected error file:///\\ …) and nothing happens. Is anyone else having problems opening links in Outlook since the recent Outlook updates? Outlook suddenly reports that a policy prevents opening.Īnd blog reader Stefan adds in this comment that the problem is even more extensive and wrote: On Mastodon, Nightfighter, who is also suffering from the update, chimed in with the following comment (translated): Headline: "Security Advisory for Microsoft Outlook" and in the text: "Microsoft Office has detected a potential security risk. Since the Office update, when clicking on a link in an e-mail (in our case an internal file on the file server), a pop-up window appears. German blog reader RobertB had posted a similar comment in the discussion area of the blog – which I'll pull out the translated version below: Trusted locations added via GPO in Office don't fix it, and there's no such option under Outlook itself. KB5002427 causes a security warning to appear when trying to open links in Outlook. Juli 2023) I received a comment from German blog reader Björn, that reads translated as follow: Shortly I published the German blog post Microsoft Office Updates (11. However, the security update breaks links (and shares) in Microsoft Outlook, they can't to no longer opened. It's just that I didn't consistently document these updates here on the blog. The issue also affects Click-2-Run installations if they were upgraded to the latest build via Office. I've listed update KB5002427 for Outlook 2016 here because I got the first notices about it. These updates are listed in the linked CVE pages. However, Microsoft has also rolled out a a new build for Click-2-Run installations to fix the vulnerabilities. Update KB5002427 rolled out for MSI installations of Microsoft Office 2016 via Windows Update is mentioned in the blog post Microsoft Office Updates (July 11, 2023). Even an attack via the preview window in Outlook seems possible if the user accepts a warning. CVE-2023-35311: Microsoft Outlook Security Feature Bypass vulnerability CVS3.1 Index 8.2 If the user clicks on a link to a specially crafted URL, an attacker could bypass Microsoft Outlook's security warning.Even an attack via the preview window in Outlook seems possible if the user plays along. CVE-2023-33151: Microsoft Outlook Spoofing vulnerability CVS3.1 Index 5.7 If the user clicks on a prepared link with a URL, an attacker could spoof information (e.g.Update KB5002427 update was released on Jfor Outlook 2016 and is intended to address the following two vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |