Stories
Slash Boxes
Comments

SoylentNews is people

Microsoft Blacklists Dozens of New File Extensions in Outlook

posted by janrinok on Saturday September 28 2019, @08:41PM   Printer-friendly
from the check-that-you-don't-need-them dept.

"exec" has found the following story:

In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails.

Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems "at-risk" file attachments, which are typically sent with malicious scripts or executables.

The move will prevent users from downloading email attachments with various file extensions, including ones associated with Python, PowerShell, digital certificates, Java and more. Overall, Microsoft had blocked 104 file extensions from Outlook (a full list of which can be found here), including .exe, .url, .lnk, and more. With these newest extensions, that number will now rise to 142.

"We're always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today," said Microsoft in a post this week.

Microsoft said that many of these newly-blocked file types are rarely used, so most organizations will not be affected by the change: "However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them," it said.

[...] Newly blocked file extensions include:

  • Python scripting language: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
  • PowerShell scripting language:”.ps1″, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”, “.cdxml”, “.pssc”
  • Java programming language: “.jar”, “.jnlp”
  • digital certificates: “.cer”, “.crt”, “.der”
  • Windows ClickOnce (“.appref-ms”)
  • Microsoft Data Access Components (“.udl”)
  • Windows Sandbox (“.wsb”)

Microsoft will also block various extensions being used by vulnerable applications, which could be used to exploit security vulnerabilities in third-party software, including: ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp"

For these extensions, 38 in all, "while the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use," Microsoft said.

-- submitted from IRC

Original Submission

 
This discussion has been archived. No new comments can be posted.
Microsoft Blacklists Dozens of New File Extensions in Outlook | Log In/Create an Account | Top | 58 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by dry on Monday September 30 2019, @04:10AM

    by dry (223) on Monday September 30 2019, @04:10AM (#900671) Journal

    Google does block this type of stuff, even blocked a renamed OS/2 DLL recently. I think they're running file on stuff. This is as a hobbyist, not work related and when someone posts an attachment to a mailing list and all the gmail users accounts bounce it, its Google.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2