/>
X
Innovation

Microsoft bans 38 file extensions in Outlook for the Web

Banned file types include Java, Python, and PowerShell extensions.
catalin-cimpanu.jpg
Written by Catalin Cimpanu on
microsoft-outlook-on-web-gets-smarter-ai-5ca1e366dd173300b8ed4028-1-apr-03-2019-14-56-27-poster.jpg

Microsoft plans to expand the list of file extensions that are banned in Outlook for the web (previously known as Outlook Web Access (OWA)).

The list, which previously included 104 file extensions, will be expanded "soon" with 38 new entries.

These new entries are file types that are regularly used to deliver malware to Outlook inboxes.

Once added to the list of blocked file extensions, users won't be able to download any of these types of files from their inboxes -- unless the Outlook/Exchange administrator has whitelisted a particular file extension on purpose, using a special config.

"The newly blocked file types are rarely used, so most organizations will not be affected by the change," the Microsoft Exchange team said in an announcement yesterday.

The 38 new file extensions that will soon be banned in Outlook for the web include:

  • Java files: ".jar", ".jnlp"
  • Python files: ".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw"
  • PowerShell files: ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1", ".psd1", ".psdm1"
  • Digital certificates: ".cer", ".crt", ".der"
  • Files used to exploit vulnerabilities in third-party software: ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website", ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap", ".xll", ".xnk", ".msu", ".diagcab", ".grp"

The list of 104 file types that Microsoft is currently blocking in Outlook for the web is available here. Microsoft didn't say when the 38 new file types will be added to the Outlook ban list, but only said the change was coming "soon."

"Outlook for the web" is a web-based email client that Microsoft created as an alternative to the older Outlook desktop app.

It's included in Microsoft's Office 365 and Exchange Online subscription services, but also ships with self-hosted, on-premise Exchange email servers.

Administrators of Office 365, Exchange Online, or Exchange Server systems can whitelist any of the 142 blocked file extensions by following the steps listed on this page.

High-performance storage: From flash drives to server hard drives (April 2018 edition)

Editorial standards

Related

Office 2016 and 2019 users won't be cut off from Microsoft 365 back-end services next year
officebackendconnectivity

Office 2016 and 2019 users won't be cut off from Microsoft 365 back-end services next year

Hackers are still using these old security flaws in Microsoft Office. Make sure you've patched them
hacker-hands-in-the-shadows-istock.jpg

Hackers are still using these old security flaws in Microsoft Office. Make sure you've patched them

Beef up Microsoft Edge with my favorite add-ons
sample-image-16-9-red.jpg

Beef up Microsoft Edge with my favorite add-ons