Outlook on the Web to Block File Extensions for PowerShell, Python, and More
In order to help protect Outlook users against malicious email attachments, Microsoft is adding another 38 file extensions to its blacklist for attachments. The company acknowledges that these extensions pose a threat because hackers can use them to target users with malicious files designed to plant malware, exploit security flaws or carry out other nefarious actions upon execution.
The extensions to be added fall into the following five categories:
- Python extensions: .py, .pyc, .pyo, .pyw, .pyz, .pyzw
- PowerShell extensions: .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .psd1, .psdm1
- Certificate management extensions: .cer, .crt, .der
- Java extensions: .jar, .jnlp
- Extensions used by vulnerabilities: .appcontent-ms, .settingcontent-ms, .cnt, .hpj, .website, .webpnp, .mcf, .printerexport, .pl, .theme, .vbp, .xbap, .xll, .xnk, .msu, .diagcab, .grp