{"id":30718,"date":"2023-07-19T22:16:34","date_gmt":"2023-07-19T20:16:34","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=30718"},"modified":"2023-07-19T22:20:46","modified_gmt":"2023-07-19T20:20:46","slug":"outlook-2016-links-broken-after-update-from-july-11-2023-kb5002427-security-warning-appears-when-clicking-links","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/07\/19\/outlook-2016-links-broken-after-update-from-july-11-2023-kb5002427-security-warning-appears-when-clicking-links\/","title":{"rendered":"Outlook 2016: Links broken after update from July 11, 2023 (KB5002427) &#8211; Security warning appears when clicking links"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2012\/07\/Office1.jpg\" width=\"55\" height=\"60\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/07\/19\/outlook-2016-links-nach-update-vom-11-juli-2023-kb5002427-kaputt-sicherheitswarnung-erscheint-bei-linkanwahl\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]The security update KB5002427 for Outlook 2016 from July 11, 2023 (as well as the Click-2-Run updates of Office from the same date) cause an unpleasant bug. If the user wants to open links in Outlook 2016, the program displays a security notice. The links simply no longer work. The solution I know so far is to uninstall update KB5002427 (or the latest Office 365 build).<\/p>\n<p><!--more--><\/p>\n<h2>Outlook 2016 Update KB5002427<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/cfc90b1621be4baf936dad22c85b029c\" alt=\"\" width=\"1\" height=\"1\" \/>Update KB5002427 update was released on July 11, 2023 for Outlook 2016 and is intended to address the following two vulnerabilities.<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-33151\" target=\"_blank\" rel=\"noopener\">CVE-2023-33151<\/a>: Microsoft Outlook Spoofing vulnerability; CVS3.1 Index 5.7; If the user clicks on a prepared link with a URL, an attacker could spoof information (e.g. NetNTLMv2 hashes) from the system. Even an attack via the preview window in Outlook seems possible if the user plays along.<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-35311\" target=\"_blank\" rel=\"noopener\">CVE-2023-35311<\/a>: Microsoft Outlook Security Feature Bypass vulnerability; CVS3.1 Index 8.2; If the user clicks on a link to a specially crafted URL, an attacker could bypass Microsoft Outlook's security warning. Even an attack via the preview window in Outlook seems possible if the user accepts a warning.<\/li>\n<\/ul>\n<p>Update <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/description-of-the-security-update-for-outlook-2016-july-11-2023-kb5002427-455aa1c7-cf5c-4dc6-a141-188384dba3eb\" target=\"_blank\" rel=\"noopener\">KB5002427<\/a> rolled out for MSI installations of Microsoft Office 2016 via Windows Update is mentioned in the blog post <a href=\"https:\/\/borncity.com\/win\/2023\/07\/13\/microsoft-office-updates-july-11-2023\/\">Microsoft Office Updates (July 11, 2023)<\/a>. However, Microsoft has also rolled out a a new build for Click-2-Run installations to fix the vulnerabilities. These updates are listed in the <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-35311\" target=\"_blank\" rel=\"noopener\">linked CVE pages<\/a>.<\/p>\n<blockquote><p>I've listed update KB5002427 for Outlook 2016 here because I got the first notices about it. The issue also affects Click-2-Run installations if they were upgraded to the latest build via Office. It's just that I didn't consistently document these updates here on the blog.<\/p><\/blockquote>\n<h2>Links and Shares are broken<\/h2>\n<p>However, the security update breaks links (and shares) in Microsoft Outlook, they can't to no longer opened. Shortly I published the German blog post <a href=\"https:\/\/www.borncity.com\/blog\/2023\/07\/13\/microsoft-office-updates-11-juli-2023\/\" target=\"_blank\" rel=\"noopener\">Microsoft Office Updates (11. Juli 2023)<\/a> I received a comment from German blog reader <a href=\"https:\/\/www.borncity.com\/blog\/2023\/07\/13\/microsoft-office-updates-11-juli-2023\/#comment-152672\" target=\"_blank\" rel=\"noopener\">Bj\u00f6rn<\/a>, that reads translated as follow:<\/p>\n<blockquote><p>KB5002427 causes a security warning to appear when trying to open links in Outlook. Trusted locations added via GPO in Office don't fix it, and there's no such option under Outlook itself.<\/p><\/blockquote>\n<p>German blog reader RobertB had posted a similar comment in the discussion area of the blog &#8211; which I'll pull out the translated version below:<\/p>\n<blockquote><p>Outlook Pop-Up Window<\/p>\n<p>Since the Office update, when clicking on a link in an e-mail (in our case an internal file on the file server), a pop-up window appears. Headline: \"Security Advisory for Microsoft Outlook\" and in the text: \"Microsoft Office has detected a potential security risk. This location may not be secure.\"<\/p>\n<p>Haven't found anything about this yet.<\/p><\/blockquote>\n<p>On Mastodon, Nightfighter, who is also suffering from the update, chimed in with the following comment (translated):<\/p>\n<blockquote><p>Is anyone else having problems opening links in Outlook since the recent Outlook updates? Outlook suddenly reports that a policy prevents opening.<\/p><\/blockquote>\n<p>And blog reader Stefan adds in <a href=\"https:\/\/www.borncity.com\/blog\/2023\/07\/13\/microsoft-office-updates-11-juli-2023\/#comment-152793\" target=\"_blank\" rel=\"noopener\">this comment<\/a> that the problem is even more extensive and wrote:<\/p>\n<blockquote><p>If it were only security hints. Links pointing to files on network drives(dfs) cause an error message (unexpected error file:\/\/\/\\\\ &#8230;) and nothing happens. Local files lead to a security message just like \"external\" links&#8230; &#8211; after uninstalling KB5002427 everything works.<\/p><\/blockquote>\n<p>I read a similar entry in the following reddit.com thread. Bj\u00f6rn had linked in his comment to the discussion thread <a href=\"https:\/\/www.reddit.com\/r\/Outlook\/comments\/14xkleo\/outlook_hyperlinks_not_working\/\" target=\"_blank\" rel=\"noopener\">Outlook Hyperlinks &#8211; Not Working<\/a> on reddit.com, where a user reports the same.<\/p>\n<blockquote><p>This morning we have started to see issues to accessing links within emails. Our current setup is as follows &#8211;<\/p>\n<p>Our sharepoint drives are mapped as a folder structure using WebDav. Script designed to run each day check the drives exist and are still mapped or map the drives if they dont exist to the locations of both Work Drive &amp; Personal OneDrive. (Yes OneDrive i know &#8211; they dont like change).<\/p>\n<p>When users send out email reports they tend to add a link to that location of the file thats mapped (Webdav) within the email so it can be opened and viewed.<\/p>\n<p>As of this morning links no longer work and we are presented with the following error &#8211;<\/p><\/blockquote>\n<p>The observation is confirmed by other users. Another reddit.com thread <a href=\"https:\/\/www.reddit.com\/r\/sysadmin\/comments\/14yoa76\/unc_paths_in_outlook_now_showing_security_notice\/\" target=\"_blank\" rel=\"noopener\">UNC Paths in Outlook Now Showing Security Notice<\/a> meanwhile confirms this bug for Outlook2016 (version 2306 build 16.0.16529.20164) 64-bit (Click-2-Run variant) as well.<\/p>\n<h2>Uninstalling the update helps<\/h2>\n<p>The only solution I have found so far is to uninstall the security update KB5002427. For the Click-2-Run variants, the only thing left to do is to roll back to the previous Office build so that links in Outlook work again.<\/p>\n<p>There is a registry key under:<\/p>\n<p>HKCUSER\\SOFTWARE\\Policies\\Microsoft\\office\\16.0\\common\\security<\/p>\n<p>where you can set the 32 bit DWORD value <em>disablehyperlinkwarning <\/em>to 1; maybe it suppress the security warning (I haven't tested that).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The security update KB5002427 for Outlook 2016 from July 11, 2023 (as well as the Click-2-Run updates of Office from the same date) cause an unpleasant bug. If the user wants to open links in Outlook 2016, the program displays &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/07\/19\/outlook-2016-links-broken-after-update-from-july-11-2023-kb5002427-security-warning-appears-when-clicking-links\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,11,580,22],"tags":[47,395,195],"class_list":["post-30718","post","type-post","status-publish","format-standard","hentry","category-issue","category-office","category-security","category-update","tag-issue","tag-outlook","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/30718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=30718"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/30718\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=30718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=30718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=30718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}