BlockedFileTypes: Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web.
Image Source: encrypted-tbn0.gstatic.com
Previously known as Outlook Web Application or OWA, “Outlook on the Web” is Microsoft’s web-based email client for users to access their emails, calendars, tasks and contacts from Microsoft’s on-premises Exchange Server and cloud-based Exchange Online. The list of blocked file extensions currently has 104 entries, including .exe, .url, .com, .cmd, .asp, .lnk, .js, .jar, .tmp, .app, .isp, .hlp, .pif, .msi, .msh, and more. Now, the expanded block list will also include 38 new extensions in an upcoming update, preventing Outlook on the Web users from downloading attachments that have any of these 142 file extensions, until or unless an Outlook or Microsoft Exchange Server administrator has whitelisted any of them on purpose by removing it from the BlockedFileTypes list.
Image Source: zdnet3.cbsistatic.com
Here’s the new file extensions added to the BlockedFileTypes list:
- File extensions used by the Python scripting language: .py, .pyc, .pyo, .pyw, .pyz, .pyzw
- Extensions used by the PowerShell scripting language: .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .psd1, .psdm1
- Extensions used for digital certificates: .cer, .crt, .der
- Extensions used by the Java programming language: .jar, .jnlp
- Extensions used by various applications: .appcontent-ms, .settingcontent-ms, .cnt, .hpj, .website, .webpnp, .mcf, .printerexport, .pl, .theme, .vbp, .xbap, .xll, .xnk, .msu, .diagcab, .grp
- Microsoft writes that while the associated vulnerabilities with various applications have been patched, they are being blocked for the benefit of organizations that might still have older versions of the application software in use.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.