Microsoft has shared a workaround for an Outlook Desktop issue that blocks attempts to open IP address or fully qualified domain name (FQDN) hyperlinks after installing this month’s security updates.
“Outlook blocks opening of FQDN and IP address hyperlinks after installing protections for Microsoft Outlook security feature bypass vulnerability released July 11, 2023,” the company said.
On affected systems, Outlook for Microsoft 365 users will see silent failures, be warned that the location may be unsafe, or see “Something unexpectedly went wrong with this URL” errors.
This happens only when clicking links in emails in Outlook Desktop whose path points to an FQDN, IP address, or hostname.
More information can be found in the database articles published by Microsoft with details on CVE-2023-33151 Outlook spoofing vulnerability and CVE-2023-35311 Outlook Security Feature Bypass Vulnerability.
Redmond is also providing affected customers with an interim fix to work around this known issue and allow all hyperlinks to work as expected.
However, the company warns that applying the workaround could increase the attack surface on affected systems.
“This workaround may make a computer or network more vulnerable to attack by malicious users or malicious software such as viruses,” Microsoft warned.
“Make sure the FQDN or IP address you add to Trusted Sites is a valid URL path for your business or network.”
To temporarily ensure that links to files hosted on FQDN or IP paths are still accessible after installing the July 11 Outlook Desktop security updates, affected users should follow these steps to add the URLs to the Trusted sites zone:
- Go to Windows Settings.
- Search for and open Internet Options.
- Click the Security tab, then select Trusted sites.
- Add the URL, UNC or FQDN path you want to allow under “Add this website to the zone” (for example, add file://server.usa.corp.com).
This workaround can also be deployed using the Site to Zone Assignment List Group Policy, but administrators are advised to ensure that all values are valid before deployment.
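One way to vet entries before they go into the Site to Zone Assignment List, as an added example that is not Microsoft's code: each candidate is rejected if it uses a wildcard, an unexpected scheme, a non-private IP address, or a host outside the organization's own DNS suffixes. The suffix list, the scheme list, the function names and every sample entry except the article's `file://server.usa.corp.com` are assumptions made for illustration.

```powershell
# Added example (not Microsoft's code): vet candidate Trusted sites entries
# before they are entered in the "Site to Zone Assignment List" policy.
$AllowedSuffixes = @('.corp.com')      # assumption: DNS suffixes your organization owns
$AllowedSchemes  = @('file', 'https')  # assumption: schemes you are willing to trust
$TrustedZone     = 2                   # zone number the policy uses for Trusted sites

function Test-PrivateIPv4 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-ZoneEntry {
    param([string]$Entry)
    $reason = ''
    $uri = $null
    if ($Entry.Contains('*')) {
        $reason = 'wildcard trusts more than one host'
    } elseif (-not [System.Uri]::TryCreate($Entry, [System.UriKind]::Absolute, [ref]$uri)) {
        $reason = 'not an absolute URL (scheme://host)'
    } elseif ($AllowedSchemes -notcontains $uri.Scheme) {
        $reason = "scheme '$($uri.Scheme)' is not on the allowed list"
    } elseif ($uri.HostNameType -eq [System.UriHostNameType]::IPv4) {
        if (-not (Test-PrivateIPv4 -Address $uri.Host)) { $reason = 'IP address is not in a private range' }
    } elseif ($uri.HostNameType -eq [System.UriHostNameType]::Dns) {
        $match = $AllowedSuffixes | Where-Object { $uri.Host.EndsWith($_) }
        if (-not $match) { $reason = 'host is not under an allowed DNS suffix' }
    } else {
        $reason = "host type '$($uri.HostNameType)' is not handled"
    }
    # ValueName / Value mirror the two columns of the policy's list editor.
    [pscustomobject]@{ ValueName = $Entry; Value = $TrustedZone; Ok = ($reason -eq ''); Reason = $reason }
}

# Constructed sample input: one entry from the article plus made-up candidates.
$candidates = @(
    'file://server.usa.corp.com',
    'file://10.20.30.40',
    'https://*.corp.com',
    'file://203.0.113.7',
    'file://fileserver',
    'https://corp.com.example.net'
)

$results = $candidates | ForEach-Object { Test-ZoneEntry $_ }
$results | Where-Object { -not $_.Ok } | Format-Table ValueName, Reason -AutoSize
$results | Where-Object { $_.Ok }      | Format-Table ValueName, Value -AutoSize
```

The script only reports; it writes nothing to the registry or to any Group Policy object, so the accepted rows still have to be entered in the policy by an administrator.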
Last month, Redmond shared another interim fix for a known issue affecting Outlook for Microsoft 365 clients causing slow startups and freezes.