Poisoned email attachments typical attack vector

One of the most common means by which malware winds up on the computers of its victims is via an email attachment.  All it takes is one careless moment.  One-click to open a file that turns out to be poisoned and you're in for a world of trouble.

That's the exact reason why email providers tend to be incredibly selective about what kinds of attachments their services allow.

Microsoft recently announced that they're further restricting their number of allowable extension types, placing a total of 36 additional file extensions.  That's thirty-eight new file types you won't be able to download via Outlook Web, and it brings the total number of blocked file types up to 140.

Microsoft had this to say about the matter

"We're always evaluating ways to improve security for our customers and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today."

The good news is that you're unlikely to notice the impact of the new additions, even though it sounds like a big increase.  That's because most of the extensions the company plans to adopt are fairly exotic and seldom used.  When they are used, at least a significant percentage of the time, they're used by hackers for nefarious purposes.

The list of the extensions Microsoft plans to ban

  • .py
  • .pyc
  • .pyo
  • .pyw
  • .pyz
  • .pyzw
  • .ps1
  • .ps1xml
  • .ps2
  • .ps2xml
  • .psc1
  • .psc2
  • .psd1
  • .psdm1
  • .cer
  • .crt
  • .der
  • .jar
  • .jnlp
  • .appcontent-ms
  • .settingcontent-ms
  • .cnt
  • .hpj
  • .website
  • .webpnp
  • .mcf
  • .printerexport
  • .pl
  • .theme
  • .vbp
  • .xbap
  • .xll
  • .xnk
  • .msc
  • .diagcab
  • .grp

Our perspective

Again, most people have probably never even heard of, and don't use these extensions anyway, so it shouldn't have a huge or visible impact, but be aware that the change is coming.

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.

Used with permission from Article Aggregator