Microsoft Windows Server | WI660653

Impact: Office updates released July 11, 2023 introduce this behavior by design due to the new security protections Originating KB URL: N/A Originating Build: N/A Resolved KB URL: N/A Date Resolved: 2023-07-25T18:14:16.2404805-07:00 Vendor Message History: ======================= Published: 2023-07-26T01:14:47.93+00:00 ---------------------------------------- When clicking on links in emails in Microsoft Outlook, you might receive an error message with the text “Something unexpected went wrong with this URL”. Opening links in emails on Microsoft Outlook may also display an error stating "Microsoft Office has identified a potential security concern. This location may be unsafe." As a result of Microsoft Office security hardening changes, hyperlinks which contain fully-qualified domain name (FQDN) or IP address will display this message. This is due to protections released July 11, 2023. Please note: This behavior is caused by a protection update in Outlook released July 11, 2023. It is not caused by Windows Updates. Resolution: These messages are displayed as part of recent Office security changes. Details can be seen in KB article Outlook blocks opening FQDN and IP address hyperlinks after installing protections for Microsoft Outlook Security Feature Bypass Vulnerability released July 11, 2023 (https://support.microsoft.com/office/outlook-blocks-opening-fqdn-and-ip-address-hyperlinks-after-installing-protections-for-microsoft-outlook-security-feature-bypass-vulnerability-released-july-11-2023-4a5160b4-76d0-465b-9809-60837bbd35a8). In order to ensure continued access to files on FQDN or IP address paths, add those URLs to the Trusted Sites zone in accordance with Windows guidance. An Intranet site is identified as an Internet site when you use an FQDN or an IP address. This can be accomplished with the following steps: 1. Open the "Internet Properties" settings. This can be done in one of the following ways: a. Open "Control Panel" from the start menu and select "Internet Options" under "Network and Internet" b. On your keyboard, press and hold the Windows key, then press the letter S. In the search dialog that appears, type "Internet Properties" and select the first result. 2. Click the Security tab, then select Trusted Sites. 3. Under "Add this website to the zone", add the URL, UNC, FQDN path that you want to allow. For example, add: file://server.usa.corp.com Note: If the entry you wish to add does not explicitly start with ‘https:’, you must first uncheck the ‘Require server verification (https) for all sites in this zone’ checkbox before it can be saved. This workaround can also be deployed via group policy. See policy: \\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List on the Group Policy Search site (https://gpsearch.azurewebsites.net/Default.aspx?PolicyID=1492). For additional information see the respective CVEs below. - MSRC CVE-2023-33151 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151): Microsoft Outlook Spoofing Vulnerability - MSRC CVE-2023-35311 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311): Microsoft Outlook Security Feature Bypass Vulnerability - KB5002427 (https://support.microsoft.com/help/5002427): Description of the security update for Outlook 2016: July 11, 2023 (KB5002427) - KB5002432 (https://support.microsoft.com/help/5002432): Description of the security update for Outlook 2013: July 11, 2023 (KB5002432) Affected platforms: - Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2 - Server: None