Hackers have been increasingly using malicious email attachments to trick corporate users into compromising their company network, a practice fuelled by the wave of privilege escalation exploits being discovered for Windows.
They have also become increasingly adept at hiding the malware attachments from scanners, with a recent exploit hiding the malware in a .ISO file, the contents of which are not normally scanned by Windows.
To address the issue Microsoft has upped the number and type of attachments currently automatically blocked by their Exchange server.
The newly added file types are ‘.iso’, ‘.cab’ and ‘.jnlp’.
Email with these attachments will now be automatically quarantined, allowing users to approach them more cautiously.
In total 96 file types are now automatically blocked.
Admins can however configure this feature, and adjust the malware filter policy via Powershell.
The change is rolling out in early October and should be complete by late October.