Cyber Security

Microsoft bans 38 file extensions in Outlook for Web


Microsoft has planned to blacklist 38 additional file extensions by adding them to their list of file extensions which are blocked from being downloaded as attachments in Outlook on the Web.

Outlook on the Web which was earlier known as Outlook Web Application or OWA is the Microsoft’s web-based email client to access the user’s emails, calendars, tasks and contacts from Microsoft’s on-premises Exchange Server and cloud-based Exchange Online.

The list had previously included 104 file extensions and the new entries are file types that are regularly used to deliver malware to Outlook inboxes.

When these file extensions are added to the list, the users won’t be able to download any of these types of files from their inboxes — unless the Outlook/Exchange administrator has whitelisted a particular file extension on purpose, using a special config.

The Microsoft Exchange team stated that the newly blocked file types are rarely used and so most organizations will not be affected by the change.

The 38 new file extensions that will be banned in Outlook for the web includes:

Java files: “.jar”, “.jnlp”

Python files: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”

PowerShell files: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”

Digital certificates: “.cer”, “.crt”, “.der”

Files used to exploit vulnerabilities in third-party software: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”

Microsoft did not state when the 38 new file types will be added to the Outlook ban list.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    DoorDash Data Breach exposed 5 million user’s information

    Previous article

    Unpatchable jailbreak released for all iOS devices

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *