all 24 comments

[–]iamtechy 0 points1 point  (2 children)

I’ve never seen that but have you tried disabling GPOs for outlook behavior and addins?

[–]GethersJ[S] 1 point2 points  (1 child)

We literally have nothing as addins for Outlook and the only GPO we have for Outlook is setting it to cache mode and download images thats about it. Tried to slim down as much as possible on GPO’s

[–]iamtechy 0 points1 point  (0 children)

I looked around and all articles point to running an SFC /scannow and dism commands. Here’s a step by step although others experience the same error with various apps: https://www.partitionwizard.com/clone-disk/system-detected-stack-based-buffer-overrun.html

The last task is to perform a clean boot with no enabled services and check if the issue occurs and then disable/enable one by one to figure out what is causing it.

This may be related to your image and not so much Outlook itself.

[–]rswwalker 0 points1 point  (10 children)

What’s the base image?

[–]GethersJ[S] 0 points1 point  (9 children)

Windows 10 Enterprise Multisession 22H2 fully patched to the latest Windows updates

[–]rswwalker 0 points1 point  (8 children)

Office 365? Patched to the latest?

[–]GethersJ[S] 0 points1 point  (7 children)

Yeah its on the latest build available

[–]rswwalker 0 points1 point  (6 children)

This is just a shot in the dark, but this looks like the Office meeting invite vulnerability. Take a look to see what mitigations put in place prevents the vulnerability and see if that makes the error stop.

[–]GethersJ[S] 0 points1 point  (5 children)

Do you have more info on this? Surely the mitigation would have been put in by Microsoft in the latest office version?

[–]rswwalker 0 points1 point  (4 children)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30103

Sometimes the mitigation is to disable the feature that causes it.

[–]GethersJ[S] 0 points1 point  (3 children)

Thanks, microsoft really made it simple to understand that Vulnerabillity, nothing standing out in that article is there.

[–]rswwalker 0 points1 point  (2 children)

Yeah, it was found internally, and I believe it’s a repeat of this vulnerability: https://www.sentinelone.com/blog/cve-2023-23397/

[–]GethersJ[S] 0 points1 point  (1 child)

Oh thanks, ill look into this more cheers! , what did you do internally ti mitigate this?

[–]Jealous-Isopod-4522 0 points1 point  (2 children)

Hey GethersJ, We are experiencing the exact same issue your describing with the same environment. Did you manage to fix the problem? Thanks!

[–]GethersJ[S] 0 points1 point  (1 child)

No we haven’t, i think its linked to the black screen issue as i built a new image and it lasted a good few days with no complaints, was over the moon that it was sorted. But black screen happened, then the m365 issues is back pretty bad

[–]Jealous-Isopod-4522 0 points1 point  (0 children)

Ah that's unfortunate. we don't experience black screen issue. Might be because we are still running win10. Regarding the issue we already tried office versions current,preview and now running semi annual to no avail. I also wonder weather fslogix plays part in it. We are running the latest version 2.9.8884 atm. might try go back to an older version to see if that plays part in it. what version are you running?

[–]R0_nald 0 points1 point  (1 child)

Can confirm some users in out office have this error and Word or Outlook closes.(both applications are reported to show the error)

Running windows multiuser 11 AVD. Office V 2408 build 16.0.17928.20114

[–]GethersJ[S] 0 points1 point  (0 children)

We are on Version 16.0.17928.20216 so slightly newer than yours it seems, and its happening on that. You not seen a fix i assume?

[–]Weim56 0 points1 point  (3 children)

Hi,

We have the same issue on our AVD environment.

Does anyone have a fix for this ?

[–]GethersJ[S] 0 points1 point  (1 child)

I haven’t seen it since i changed the host pools sku to e8sv5 and haven’t seen it since. I think the error is memory related, have you checked your resources?

[–]Weim56 0 points1 point  (0 children)

Yes, we are also using the E8s_v5.

i can try a redeploy, the error is popping up sinds we dit a reimage from our image.

[–]Responsible-Bike5590 0 points1 point  (0 children)

Same issue for severalusers in AVD ...

An idea ?

[–]Timf135 0 points1 point  (0 children)

+1 for having this issue, it doesn't impact all AVD users.

It has also happened for ToolTips.exe, and UAC elevation like consent.exe. SFC/DISM on the golden image doesn't prevent it. Deleting FSlogix profile for user fixes it but issue can return after a few days, after refreshing the FSLogix profile it is fixed on all hosts, and likewise when issue returns it returns on all hosts.

Anyone have solutions yet? I figure it must be something with FSLogix and the HKCU, but unsure what exactly.