SoylentNews is people
SoylentNews
Submission Preview
Microsoft Blacklists Dozens of New File Extensions in Outlook
Story automatically generated by StoryBot Version 0.2.2 rel Testing.
Storybot ('Arthur T Knackerbracket') has been converted to Python3
Note: This is the complete story and will need further editing. It may also be covered
by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.
FeedSource: [Threatpost]
Time: 2019-09-27 14:45:07 UTC
Original URL: https://threatpost.com/microsoft-blacklists-dozens-of-new-file-extensions-in-outlook/148737/ [threatpost.com] using UTF-8 encoding.
Title: Microsoft Blacklists Dozens of New File Extensions in Outlook
--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---
Microsoft Blacklists Dozens of New File Extensions in Outlook
Arthur T Knackerbracket has found the following story [threatpost.com]:
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy [threatpost.com]. In addition, you will find them in the message confirming the subscription to the newsletter.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy [threatpost.com]. In addition, you will find them in the message confirming the subscription to the newsletter.
In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails.
Microsoft is banning almost 40 new types of file extensions on its Outlook email platform. The aim is to protect email users from what it deems “at-risk” file attachments, which are typically sent with malicious scripts or executables.
The move will prevent users from downloading email attachments with various file extensions, including ones associated with Python, PowerShell, digital certificates, Java and more. Overall, Microsoft had blocked 104 file extensions from Outlook (a full list of which can be found here [office.com]), including .exe, .url, .lnk, and more. With these newest extensions, that number will now rise to 142.
“We’re always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today,” said Microsoft in a post this week [microsoft.com].
Microsoft said that many of these newly-blocked file types are rarely used, so most organizations will not be affected by the change: “However, if your users are sending and receiving affected attachments, they will report that they are no longer able to download them,” it said.
Read about changes to file types blocked in Outlook on the web, which will prevent download of attachments with file extensions associated with Python, PowerShell, digital certificates, Java, etc. Learn how this can affect you and how you can prepare: https://t.co/wiVt8B0Quc [t.co]
— Microsoft Security Intelligence (@MsftSecIntel) September 25, 2019 [twitter.com]
Newly blocked file extensions include:
Microsoft will also block various extensions being used by vulnerable applications, which could be used to exploit security vulnerabilities in third-party software, including: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”
For these extensions, 38 in all, “while the associated vulnerabilities have been patched (for years, in most cases), they are being blocked for the benefit of organizations that might still have older versions of the application software in use,” Microsoft said.
Blocking certain file extensions is fairly common for email providers as they aim to protect email users from malicious attachments: In fact, Google has a similar policy for its Gmail email service and has blocked certain types of files [google.com], including their compressed form (like .gz or .bz2 files) or when found within archives (like .zip or .tgz files).
Fileless threat leverages widely used Node.js framework and WinDivert packet-capture utility to turn infected machines into proxies for malicious behavior.
Microsoft has issued a patch for an Internet Explorer remote code execution flaw that is being actively exploited in the wild.
A spearphishing campaign first uncovered in July is hitting more utilities firms and spreading the LookBack malware, which has capabilities to view system data and reboot machines.
Join thousands of people who receive the latest breaking cybersecurity news every day.
On this week’s news wrap, top stories include:
-The re-emergence of #GandCrab [twitter.com]’s authors
-A spearphishing campaign h… https://t.co/LSe9x7WCpg [t.co]2 hours ago
Get the latest breaking news delivered daily to your inbox.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
-- submitted from IRC
