Industry Updates

Attachment Extensions Carrying Malware Banned On Microsoft Outlook

One of the most common means by which malware winds up on the computers of its victims is via an email attachment.  All it takes is one careless moment.  One click to open a file that turns out to be poisoned and you’re in for a world of trouble.

That’s the exact reason why email providers tend to be incredibly selective about what kinds of attachments their services allow.

Microsoft recently announced that they’re further restricting their number of allowable extension types, placing a total of 36 additional file extensions.  That’s thirty-eight new file types you won’t be able to download via Outlook Web, and it brings the total number of blocked file types up to 140.

The company had this to say about the matter:

“We’re always evaluating ways to improve security for our customers and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today.”

The good news is that you’re unlikely to notice the impact of the new additions, even though it sounds like a big increase.  That’s because most of the extensions the company plans to adopt are fairly exotic and seldom used.  When they are used, at least a significant percentage of the time, they’re used by hackers for nefarious purposes.

Here’s a list of the extensions Microsoft plans to add to the list:

  • .py
  • .pyc
  • .pyo
  • .pyw
  • .pyz
  • .pyzw
  • .ps1
  • .ps1xml
  • .ps2
  • .ps2xml
  • .psc1
  • .psc2
  • .psd1
  • .psdm1
  • .cer
  • .crt
  • .der
  • .jar
  • .jnlp
  • .appcontent-ms
  • .settingcontent-ms
  • .cnt
  • .hpj
  • .website
  • .webpnp
  • .mcf
  • .printerexport
  • .pl
  • .theme
  • .vbp
  • .xbap
  • .xll
  • .xnk
  • .msc
  • .diagcab
  • .grp

Again, most people have probably never even heard of, and don’t use these extensions anyway, so it shouldn’t have a huge or visible impact, but be aware that the change is coming.