Microsoft has been actively working to thwart phishing in Outlook, which is a growing online security concern, that led to many recent compromises involving big companies who are now devoting enormous resources in combating the menace.
The company had earlier introduced some measures to combat the menace, such as DMARC, a standardized specification on email recipient systems authentication. DMARC authenticates any incoming message using SPF and DKIM technologies, in order to check phishing and SPAM mails, but still Malware or computer virus can infect computers in several other ways.
While the most common methods that malware infect a computer is usually through malicious file attachments via emails, which easily execute the malware once a user opens the attachment in the mail.
Microsoft has planned to blacklist additional 38 file extensions in its list of file extensions, which blacklist will ensure that such extensions are blocked from downloading as attachments in the Outlook web-mail service, the email client that allow users to access emails, tasks, calendars and contacts from Microsoft's cloud-based Exchange or on-premises Exchange Server.
The currently blocked file extensions are about 104 entries, and when the scheduled 38 new extensions are added to the block list, will prevent users on Outlook for Web from downloading any such attachments having these 142 file extensions, unless an administrator has specifically white-listed any of the blacklisted by removing it from the BlockedFileTypes list.
The BlockedFileTypes list is essentially blocked file extensions that Microsoft considers to be harmful to its Email users, so as to prevent them from downloading the attachments of such types of files.
Microsoft, however maintains that associated vulnerabilities with its various applications have already been patched, but that the blockade was necessary for the benefit of those organizations that may still be running older versions of the application software.
Therefore, if your organization wishes that employees be able to download attachment of the blacklisted extension types, it should first ensure that its application software are all up-to-date and that users are quite aware of the risks associated with such file types.