11-06-2025
Outlook Users Must Not Open These 2 Files, Microsoft Warns
Microsoft to block dangerous Outlook attachment files.
Don't be fooled by all the headlines into thinking it is only Gmail users who are exposed to ongoing security threats. All email users are targets of threat actors, including Outlook, and many of the methods used in such cyberattacks are identical. This is certainly the case when it comes to the use of attachments to distribute malware or entice victims into taking the bait during a phishing attack. Microsoft has now announced that, starting in July, it will block two file types that have been observed in email-based attacks earlier this year. But don't wait for the OwaMailboxPolicy default policy update to arrive; be aware that you must not open these attachments between now and then. Here's what you need to know if you use Outlook Web or the latest Outlook for Windows.
Microsoft has now confirmed that, with effect in 'early July,' the list of blocked attachments for users of Outlook Web and Outlook for Windows will be updated to include two new file types that are known to be dangerous.
The BlockedFileTypes list that forms part of the default OwaMailboxPolicy will be updated to include both .library-ms and .search-ms as 'part of our ongoing efforts to enhance security in Outlook Web and the New Outlook for Windows,' Microsoft said in an official announcement.
This is important stuff, as one of these file types, .library-ms which comprises Windows Lib ray files, was part of an attack against organizations exposing NTLM password hashes, as I reported in March.
Anything that can help reduce the flow of attacks deployed by cybercriminals targeting email users has to be a good thing, and this ongoing action from Microsoft is a welcome move for the impacted Outlook users.
The good news is that, as Microsoft confirmed, the newly blocked file types are rarely used, so the blocking should have little impact on most organizations. 'However, if your users are sending and receiving affected attachments,' Microsoft said, 'they will report that they are no longer able to open or download them in Outlook Web or the New Outlook for Windows.'
Everyone should be aware that opening attachments within Outlook can be a very risky business. Do not wait until July if you use the OwaMailboxPolicy for protection, get educated and ensure you don't open these dangerous file types beforehand.
