In a significant move to boost email security, Microsoft announced that starting in early July 2025, Outlook Web and the new Outlook for Windows will block two additional file types: .library-ms and .search-ms.
This update aims to mitigate the risk of cyberattacks exploiting these file formats, which have been increasingly used in phishing campaigns and malware distribution.
The .library-ms files, associated with the Windows Library Description, define virtual folders that aggregate content from various locations. Earlier this year, these files were implicated in attacks that allowed the exfiltration of NTLM hashes, posing a significant threat to user credentials.
Similarly, .search-ms files, the Windows Search Connector files that facilitate saved search queries, have also been exploited. Attackers attempt to launch Windows Search windows on recipients' devices, tricking users into executing malicious code.
Microsoft's decision to block these file types is part of its ongoing efforts to enhance security in Outlook Web and the new Outlook for Windows. The company stated that these file types are rarely used in legitimate business communications, so most organizations will not be affected by the change.
This proactive measure reflects Microsoft's commitment to a zero-trust security model, where potentially risky elements are blocked by default. By expanding the list of blocked file types, Microsoft aims to reduce the attack surface available to threat actors, aligning with industry-wide efforts to implement preventive protection strategies.
Users and administrators are encouraged to review their current email security policies and communicate these changes to ensure a smooth transition during the rollout. While the impact is expected to be minimal, advance preparation will help maintain seamless operations.
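One way to check how often these two attachment types actually appear in existing mail before the rollout, as an added example rather than Microsoft's code: it assumes messages are available as raw RFC 5322 bytes (for instance exported .eml files), and the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The two extensions the article says will be blocked.
NEWLY_BLOCKED = (".library-ms", ".search-ms")

def blocked_extension(filename):
    """Return the matching blocked extension, or None.

    Names are lower-cased and trailing dots/spaces are dropped first,
    because Windows strips them from file names when a file is saved.
    """
    name = filename.strip().rstrip(". ").lower()
    for ext in NEWLY_BLOCKED:
        if name.endswith(ext):
            return ext
    return None

def find_blocked_attachments(raw_bytes):
    """List (filename, extension) for every matching part of a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        filename = part.get_filename()
        if filename and blocked_extension(filename):
            hits.append((filename, blocked_extension(filename)))
    return hits

def build_sample():
    """Constructed test message: two flagged attachments, one nested."""
    inner = EmailMessage()
    inner["Subject"] = "forwarded (constructed)"
    inner.set_content("see attached")
    inner.add_attachment(b"<x/>", maintype="application",
                         subtype="octet-stream", filename="saved.search-ms")
    outer = EmailMessage()
    outer["Subject"] = "constructed sample"
    outer.set_content("body")
    outer.add_attachment(b"<x/>", maintype="application",
                         subtype="octet-stream", filename="Shares.LIBRARY-MS.")
    outer.add_attachment(b"%PDF", maintype="application",
                         subtype="pdf", filename="notes.pdf")
    outer.add_attachment(inner)
    return outer.as_bytes()

if __name__ == "__main__":
    for name, ext in find_blocked_attachments(build_sample()):
        print(f"{ext}\t{name}")
```

Running the same function over a representative export of real mail shows which senders or workflows, if any, would be affected by the change.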