Microsoft has planned to blacklist 38 additional file extensions by adding them to their list of file extensions which are blocked from being downloaded as attachments in Outlook on the Web.
Outlook on the Web which was earlier known as Outlook Web Application or OWA is the Microsoft’s web-based email client to access the user’s emails, calendars, tasks and contacts from Microsoft’s on-premises Exchange Server and cloud-based Exchange Online.
The list had previously included 104 file extensions and the new entries are file types that are regularly used to deliver malware to Outlook inboxes.
When these file extensions are added to the list, the users won’t be able to download any of these types of files from their inboxes — unless the Outlook/Exchange administrator has whitelisted a particular file extension on purpose, using a special config.
The Microsoft Exchange team stated that the newly blocked file types are rarely used and so most organizations will not be affected by the change.
The 38 new file extensions that will be banned in Outlook for the web includes:
Java files: “.jar”, “.jnlp”
Python files: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
PowerShell files: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”
Digital certificates: “.cer”, “.crt”, “.der”
Files used to exploit vulnerabilities in third-party software: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”
Microsoft did not state when the 38 new file types will be added to the Outlook ban list.
Comments