I have always been a proponent of using web-based Outlook instead of the local thick client for performance, data consistency, and troubleshooting reasons. Security is another reason to make the switch. Microsoft Outlook for Web will now block an additional 38 file extensions in email attachments. Blocking these extensions protects its email users from falling victim to malicious scripts or executables attached or embedded in emails.
Some common extensions currently blocked in the list of 104 include .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh.
The new 38 blacklisted extensions are affiliated with the following programs:
- Python scripting language: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
- PowerShell scripting language: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”
- Digital certificates: “.cer”, “.crt”, “.der”
- Java programming language: “.jar”, “.jnlp”
- Various applications: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”
These are not extensions I see a normal end user sending as part of their daily operations, so this blacklisting change should be transparent to users. If needed for any reason, the Exchange admin can whitelist a blacklisted extension.
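As an added example (not from the original post and not Microsoft's implementation), the Python check below flags attachments in a raw message whose final extension appears in the lists above. It assumes case-insensitive matching on the last extension only; `allowed`, `build_sample` and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post (new and previously blocked), duplicates
# collapsed and spelled exactly as the post lists them.
BLOCKED = frozenset("""
.py .pyc .pyo .pyw .pyz .pyzw
.ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .psd1 .psdm1
.cer .crt .der .jar .jnlp
.appcontent-ms .settingcontent-ms .cnt .hpj .website .webpnp .mcf
.printerexport .pl .theme .vbp .xbap .xll .xnk .msu .diagcab .grp
.exe .url .com .cmd .asp .lnk .js .tmp .app .isp .hlp .pif .msi .msh
""".split())

def final_extension(filename):
    """Lower-cased last extension of a file name, or "" if it has none."""
    # Windows drops trailing dots and spaces when a file is saved, so
    # "a.ps1. " lands on disk as "a.ps1"; normalise before matching.
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_message, allowed=frozenset()):
    """List (filename, extension) for every attachment on the block list.
    `allowed` is a hypothetical stand-in for an admin's allow-list."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():              # walk() also visits nested parts
        filename = part.get_filename()   # decodes RFC 2231 encoded names
        if not filename:
            continue
        ext = final_extension(filename)
        if ext in BLOCKED and ext not in allowed:
            hits.append((filename, ext))
    return hits

def build_sample():
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name in ("notes.txt", "Invoice.pdf.PS1", "update.py."):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for filename, ext in blocked_attachments(build_sample()):
        print(f"blocked: {filename!r} ({ext})")
```

The double extension `Invoice.pdf.PS1` and the trailing-dot name `update.py.` are both caught, while `notes.txt` passes.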
https://thehackernews.com/2019/09/email-attachment-malware.html