Microsoft bans several new file extensions in Outlook

In News

Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables.

 

The move will prevent users from downloading email attachments with various file extensions, including ones associated with Python, PowerShell, digital certificates, Java and more. Overall, Microsoft had blocked 104 file extensions from Outlook, including .exe, .url, .lnk, and more. With these newest extensions, that number will now rise to 142.

“We’re always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today,” Microsoft said.

Many of these newly-blocked file types are rarely used, so most organizations will not be affected by the change: “However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them,” it said.

Microsoft will also block various extensions being used by vulnerable applications, which could be used to exploit security vulnerabilities in third-party software, including: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”

For these extensions, 38 in all, “while the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use,” Microsoft said.

Comments

You may also read!

Kaspersky in partnership with Area9 Lyceum unveils Kaspersky Adaptive Online Training

Kaspersky has unveiled its new Kaspersky Adaptive Online Training, developed in partnership with Area9 Lyceum. The solution generates a

Read More...

SentinelOne chosen as the official cybersecurity provider to Aston Martin Lagonda

SentinelOne has been announced as the official cybersecurity provider to British luxury car manufacturer, Aston Martin Lagonda, deploying the

Read More...

Tenable ranked number one for device vulnerability management for 2019

Tenable, Inc. today announced that it has been ranked #1 for device vulnerability management for 2019 market share in

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu