Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month.
Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month.
The company said on Monday in a Microsoft 365 Message Center update that Outlook will block .library-ms and .search-ms file types beginning in July.
"As part of our ongoing efforts to enhance security in Outlook Web and the New Outlook for Windows, we're updating the default list of blocked file types in OwaMailboxPolicy," Microsoft said. "Starting in early July 2025, the [.library-ms and .search-ms] file types will be added to the BlockedFileTypes list."
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.
Morphisec researchers have discovered an important Microsoft Outlook vulnerability. Read on for CVE-2024- 38021 details and technical impact.
Critical Microsoft Outlook vulnerability, CVE-2024-30103, and step-by-step instructions to force an update to all your end points.
Morphisec researchers have identified a critical Microsoft Outlook vulnerability, CVE-2024-30103, and detail its technical impact and recommended actions.
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.
In three campaigns over the past 20 months, Russian APT Fighting Ursa has targeted over 30 organizations of likely strategic intelligence value using CVE-2023-23397.
Results of Major Technical Investigations for Storm-0558 Key Acquisition
Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.
A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.
Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group. In a blog post published Friday evening after The Associated Press sought clarification on the sporadic but serious outages, Microsoft confirmed that that they were DDoS attacks by a group calling itself Anonymous Sudan, which some security researchers believe is Russia-affiliated. The software giant offered few details on the attack. It did not comment on how many customers were affected.
This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397.
Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.
