Microsoft to Block Additional File Types in Outlook on the Web


Microsoft announced plans to add new file extensions to the list of file types that are blocked in Outlook on the web.

Once the change is undergone, it will immediately result in Outlook on the web users no longer being allowed to download attachments that have those file extensions.

The newly blocked file types are rarely used, which means that the modification will have no impact on most organizations.

File types affected by the change include ones used by programing languages: ".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw" (all used by Python); ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1", ".psd1", ".psdm1", “.cdxml” and “.pssc” (all used by PowerShell); and ".jar" and ".jnlp" (both used by Java).

Moreover, the tech giant will block “.appref-ms” (used by Windows ClickOnce), “.udl” (Microsoft Data Access Components (MDAC)), “.wsb” (Windows sandbox), and ".cer", ".crt" and ".der" (used by digital certificates).

Microsoft also decided to block ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab" and ".grp". These are used by various applications and, while associated flaws have been patched, some organizations might still use older versions of the software.

Provided that users do complain about their inability to download those file types and that the organization wants to allow for the use of a particular file type, admins will have the option to add specific extensions to the AllowedFileTypes property of users' OwaMailboxPolicy objects.



Source: Security Week