Outlook to Block 2 Risky Email Attachments in Security Overhaul

  • Microsoft is expanding Outlook’s security measures by blocking two additional file types, starting July 2025.
  • These file types have recently been linked to phishing and malware campaigns targeting enterprise users, prompting Microsoft to make this proactive update.

In its latest attempt to keep users safe, Microsoft has announced that it is introducing an important security update for its popular email platforms, Outlook Web and the new Outlook for Windows.

Starting in July 2025, users will no longer be able to open or download .library-ms and .search-ms attachments by default, as the company is set to expand its list of blocked file types to fight the multitude of new and increasingly sophisticated cyber threats.

The update was announced on the Microsoft 365 Message Center on Monday.

Microsoft explained the reasoning behind this update, stating, “As part of our ongoing efforts to enhance security in Outlook Web and the New Outlook for Windows, we’re updating the default list of blocked file types in OwaMailboxPolicy.”

IT administrators are being urged to do the following before the rollout:

  • Review existing mail workflows for reliance on .library-ms and .search-ms attachments.
  • Pre-emptively adjust the AllowedFileTypes policy if necessary.
  • Consult Microsoft’s documentation for the full list of blocked file types and guidance on secure attachment handling via OneDrive or SharePoint.
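
For the first review step above, one way to find out whether any workflow actually relies on these attachment types is to inventory exported mail by sender. This is an added example, not code from Microsoft or from this article; it assumes messages are available as raw .eml bytes, and the function names and sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two extensions the article says will be blocked by default.
WATCHED = (".library-ms", ".search-ms")

def watched_extension(filename):
    """Return the watched extension a filename ends with, or None."""
    if not filename:
        return None
    # Win32 path handling drops trailing dots and spaces, so normalise first.
    name = filename.strip().rstrip(". ").lower()
    return next((ext for ext in WATCHED if name.endswith(ext)), None)

def inventory(raw_messages):
    """Count watched attachments per (sender, extension) in raw messages."""
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        sender = str(msg.get("From", "unknown")).lower()
        # walk() also descends into forwarded message/rfc822 parts.
        for part in msg.walk():
            ext = watched_extension(part.get_filename())
            if ext:
                hits[(sender, ext)] += 1
    return hits

def sample(sender, filename, wrap=False):
    """Build a constructed test message (not real mail) with one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "team@example.com", "sample"
    msg.set_content("body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    if wrap:  # forward the message as an attachment of a new one
        outer = EmailMessage()
        outer["From"], outer["To"] = sender, "team@example.com"
        outer.set_content("fwd")
        outer.add_attachment(msg)
        msg = outer
    return msg.as_bytes()

if __name__ == "__main__":
    mail = [sample("ops@example.com", "Projects.library-ms"),
            sample("ops@example.com", "REPORT.SEARCH-MS", wrap=True),
            sample("hr@example.com", "notes.txt")]
    for (sender, ext), n in sorted(inventory(mail).items()):
        print(f"{sender}\t{ext}\t{n}")
```

Senders that appear in the result are the ones to contact before deciding whether an AllowedFileTypes exception is justified; an empty result means the default block can stay in place without changes.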

Focusing on the Threat Vectors Abused in Active Campaigns

The decision to block these particular file types stems from the recent uptick in threat activity abusing them.

Windows Library files, which serve as virtual collections of folders and files, were reportedly weaponised in early 2025 in phishing attacks exploiting CVE-2025-24054, a vulnerability that enabled the leak of NTLM authentication hashes.

These attacks specifically targeted government entities and corporate environments.

In the same vein, the .search-ms URI protocol handler has also been used in phishing and malware attacks that could automatically open Windows Search windows. This chain of exploits has given attackers the power to trick users into executing malicious code by convincing them that they are using legitimate search prompts.

Minimal Operational Disruption is Anticipated

The attachment update is not likely to cause any issues for businesses.

Microsoft has said that since these file types are rarely used in regular business operations, the upcoming change is highly unlikely to have a negative impact for most organisations.

Nevertheless, companies whose workflows do rely on these formats should proactively adjust their OWA Mailbox Policy settings by adding the file types to their AllowedFileTypes list ahead of the rollout of this July update.

Part of a Broader Strategy Against File-Based Exploits

The move to block default attachment downloads is just one part of Microsoft’s broader initiative to reduce the possibility of attacks within its productivity and operating system ecosystems.

In the past several years, the company has gone about deprecating or even completely disabling legacy features that have long been used by hackers and other entities wishing to steal data or cause shutdowns.

Some of the features that have undergone changes include the default blocking of Office VBA macros, the disabling of Excel 4.0 (XLM) macros, and the planned deprecation of VBScript and ActiveX controls in Microsoft 365 and Office 2024.

By tightening the reins on file attachment types, Microsoft is continuing to reinforce its layered defence approach of protecting users not only through endpoint detection, but by closing off exploit loopholes before they can be triggered.
