Microsoft Provides Solution For Outlook Link Bug

Users who have been having trouble opening hyperlinks in Outlook since this month’s Office security updates are now presented with a solution. However, you have to take action yourself – we explain how to do this.

Problems with Outlook desktop app only

Since the start of the security updates released by Microsoft at the beginning of the month, users of the Outlook desktop app have had problems opening links. The reason for this is changes in the security protocol. However, this can cause Outlook to block opening hyperlinks to IP addresses or fully qualified domain names (FQDN).

According to a support document, “Outlook blocks the opening of FQDN and IP address hyperlinks after installing mitigations for the Microsoft Outlook security feature Bypass Vulnerability released on July 11, 2023,” the company said.

On the affected systems, users of Outlook for Microsoft 365 then see warnings that the location may be unsafe or receive the error message “Something unexpected went wrong at this URL”. For more information, see the knowledge base for the details of vulnerability CVE-2023-33151 (Outlook Spoofing) and CVE-2023-35311 (Outlook Security Feature Bypass Vulnerability).

In order to use the links normally again, there is the following temporary solution:

Workaround hyperlink bug

  • Go to Windows Settings.
  • Look for Internet Options and open it.
  • Click the Security tab, and then select Trusted Sites.
  • Add the URL, UNC, and FQDN path you want to allow to add “Add this website to the zone”. For example, add file:// as a trusted site.
  • Note: If the entry you want to add does not explicitly start with “https:”, you must first uncheck the “Require server verification (https) for all sites in this zone” check box before it can be saved.
  • This workaround can also be deployed via Group Policy:
    • GPO: User Configuration
    • Policy: \\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List

However, Microsoft warns that using this workaround may increase the attack surface on affected systems: “This workaround may make a computer or network more vulnerable to attack by malicious users or malicious software such as viruses,” Microsoft writes.