Microsoft Exchange will soon block ISO files by default

News
By
published

With the addition, the number of blocked files edges close to a hundred

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

In order to thwart attempts by threat actors to sneak in malware inside certain files, Microsoft is appending ISO files, along with a couple of others, to the list of file types that won’t be allowed to land in the inbox of Microsoft Exchange users.

ISO files are increasingly emerging as a popular enclosure for circulating malicious files and documents. Cybersecurity experts have warned that while Windows 10 can mount ISO files without relying on third-party tools, its contents aren’t usually scanned by the operating system.

In fact, in a recent attack, threat actors relied on this behavior to pass compromised versions of documents that escaped Microsoft Office’s Protected View protections just because they were rolled inside ISO files.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

To prevent such attacks, Microsoft has tweaked the default policies of Microsoft Exchange to make sure that all emails with ISO file attachments are now automatically quarantined, giving users some pause to approach them more cautiously.

More lethal than useful

According to MSPowerUser, the policy change in Microsoft Exchange will begin rolling out early next month in October, and is slated for completion towards the end of the month.

In addition to ISO files, Microsoft has also decided to include the .cab files, as well as .jnlp files to the list of file types banned by Microsoft Exchange, particularly for their increased use for malicious activities.

The .cab files are archive files that don’t find much use as a general-purpose archive format. On the other hand, the .jnlp files can launch Java programs over the web on any computer that has a Java Runtime Environment (JRE) installed, making them more lethal than useful from a cybersecurity perspective.

With the addition of the three file formats, the total number of file types blocked automatically by Microsoft Exchange has now reached 96.

Via MSPowerUser

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
email
A Windows filetype update may have complicated cyber threat detection efforts
AI business data center
Cybercriminals are using virtual hard drives to drop RATs in phishing attacks
Outlook
Dangerous Microsoft Outlook flaw could let hackers send out malware via email
Flag of the People&#039;s Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
SVG files are offering cybercriminals an easy way in with new phishing attacks
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
US government urges federal agencies to patch Microsoft 365 now
Latest in Pro
Half man, half AI.
How finance teams can avoid falling behind in the AI race
eSIM
Global eSIM shipment volume surpasses half a billion units as demand keeps on growing
woman sit on couch near laptop take break reduce stress do yoga meditation exercise to calm down self control get rid of negative emotions, bad e-mail, difficult task, problems at work concept
IT industry workers hit badly by burnout, stress - but there's still potential for success
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
China
Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data
Salesforce Agentforce 2dx
Salesforce gives AI agents the power to be proactive and autonomous like never before
Latest in News
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
Fujfilm GFX 50R
First Fujifilm GFX100RF images leaked in build-up to expected reveal – here’s what they tell us about the unique premium compact camera
Samsung Galaxy Z Flip 6 in blue
The Samsung Galaxy Z Flip 7 could have a Motorola Razr-style full-sized cover screen – and I think it’s about time
Spotify logo on a mobile device
Had Spotify problems recently? It's clamped down on Premium APK 'modded' apps – here's what's happening
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Last-minute AMD RX 9070 XT stock rumors are making me hopeful for a much better launch than Nvidia’s RTX 5000 GPUs – with just one snag
eSIM
Global eSIM shipment volume surpasses half a billion units as demand keeps on growing
More about pro
woman sit on couch near laptop take break reduce stress do yoga meditation exercise to calm down self control get rid of negative emotions, bad e-mail, difficult task, problems at work concept

IT industry workers hit badly by burnout, stress - but there's still potential for success
A TV remote pointing at YouTube logo

YouTube warns of phishing video using its CEO as bait
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.

Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
See more latest
Most Popular
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
watch back to the future online
Everything new on Prime Video in March 2025
woman sit on couch near laptop take break reduce stress do yoga meditation exercise to calm down self control get rid of negative emotions, bad e-mail, difficult task, problems at work concept
IT industry workers hit badly by burnout, stress - but there's still potential for success
Spotify logo on a mobile device
Had Spotify problems recently? It's clamped down on Premium APK 'modded' apps – here's what's happening
A TV in a living room with the language settings displayed
Prime Video is testing AI dubbing to make movies and shows more accessible – and might avoid the backlash that hit Netflix
Shazam song search on an iPhone
Shazam now makes it super-easy to add identified songs to a Spotify or Apple Music playlist – here’s how it works
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
Owen Hendricks looks at something off camera in The Recruit season 2.
Netflix aborts mission on hit spy thriller The Recruit and I know which show to blame for its cancelation
The Nvidia and AMD logos clashing with lightning bolts around them.
Sure, Nvidia DLSS 4 is incredibly impressive - but AMD's improved upscaling tech could be a real game-changer
Fujfilm GFX 50R
First Fujifilm GFX100RF images leaked in build-up to expected reveal – here’s what they tell us about the unique premium compact camera