CinchOps Houston Business Bulletin: Microsoft Outlook Strengthens Email Security with New Attachment Blocking

Microsoft is taking another significant step forward in protecting email users from cyber threats. Starting in early July 2025, Outlook Web and the new Outlook for Windows will automatically block two additional file types that cybercriminals have increasingly exploited in recent attacks: .library-ms and .search-ms files.

This security enhancement comes as part of Microsoft’s broader initiative to proactively close security loopholes before they can be weaponized for large-scale attacks. The update will automatically apply to all OwaMailboxPolicy configurations across organizations, requiring no manual intervention from most users.

 Understanding the Newly Blocked File Types

The .library-ms file extension belongs to Windows Library Description files, which create virtual collections of folders and files within the Windows file system. While legitimate in design, these files have been exploited in sophisticated phishing campaigns targeting government entities and private companies throughout 2025.

The .search-ms file type represents Windows Search Connector files that facilitate saved search queries. Security researchers have documented active exploitation of the .search-ms URI protocol handler in phishing and malware distribution campaigns since June 2022. Attackers discovered they could chain these files with other vulnerabilities to automatically launch Windows Search windows on victims’ devices, ultimately tricking users into executing malicious code.

 Recent Exploit Activity

The decision to block these file types stems from documented real-world attacks.Windows Library files were specifically used in 2025 phishing campaigns that exploited a Windows vulnerability (CVE-2025-24054) to expose NTLM authentication hashes. This technique allowed attackers to capture sensitive authentication credentials from unsuspecting victims.

The .search-ms protocol handler exploitation became particularly concerning when security researcher Matthew Hickey demonstrated how it could be combined with the Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability (CVE-2022-30190) to achieve automatic malware execution.

 Impact on Organizations

Microsoft expects minimal disruption for most organizations since these file types rarely appear in typical business email workflows. However, enterprises that rely on these specific file formats for legitimate purposes should take immediate action to prevent service interruptions.

Organizations can proactively add .library-ms and .search-ms to the AllowedFileTypes property within their OwaMailboxPolicy objects before the July rollout. This administrative action ensures business continuity for companies with specific operational dependencies on these file types.

For Enterprise Exchange Server environments, administrators maintain the flexibility to adjust security settings on individual mailboxes. This granular control allows IT teams to balance security requirements with operational needs.

 Microsoft’s Comprehensive Security Strategy

This attachment blocking expansion represents just one component of Microsoft’s multi-year security hardening initiative. The company began systematically removing or restricting Office and Windows features that attackers commonly abuse for malware distribution.

Key milestones in this security evolution include expanding Antimalware Scan Interface (AMSI) support to Office 365 applications in 2018, implementing default VBA macro blocking, disabling Excel 4.0 (XLM) macros, introducing XLM macro protection, and blocking untrusted XLL add-ins across Microsoft 365 tenants.

Microsoft also eliminated VBScript support in 2024 and disabled all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications by April 2025. These actions collectively reduce the attack surface available to cybercriminals while maintaining productivity functionality for legitimate users.

 Alternative File Sharing Methods

Organizations affected by the new blocking policy have several workaround options available. Files can be compressed into ZIP archives, renamed with different extensions, or shared through cloud services like OneDrive and SharePoint. These alternatives maintain file sharing capabilities while reducing security risks associated with the blocked file types.

IT administrators should communicate these changes to end users and establish clear procedures for handling blocked attachments. Employee training on alternative file sharing methods helps maintain productivity while supporting enhanced security measures.

 How CinchOps Can Help

Email security requires a comprehensive approach that extends far beyond attachment filtering. CinchOps brings decades of IT experience to help small and medium-sized businesses navigate these evolving security challenges with confidence and expertise.

CinchOps understands that security updates like Microsoft’s attachment blocking changes can create operational disruptions if not properly planned and implemented. We work proactively with your organization to assess the impact of security changes, configure appropriate policies, and ensure business continuity throughout transitions.

Here’s how CinchOps strengthens your email security posture:

• Complete email security assessment including attachment policies, user training needs, and infrastructure vulnerabilities
• Microsoft 365 security configuration and policy management tailored to your business requirements
• Employee cybersecurity training programs covering email threats, safe attachment handling, and incident reporting procedures
• 24/7 monitoring and threat detection services that identify suspicious email activity before it impacts your operations
• Incident response planning and execution for email-based security breaches
• Regular security policy reviews and updates to address emerging threats like the ones Microsoft is now blocking
• Alternative file sharing solutions implementation including secure cloud storage and collaboration platforms

CinchOps eliminates the guesswork from email security management. Our experienced team handles the technical complexity while keeping your business operations running smoothly and securely.

 Discover More 

Discover more about our business protecting cybersecurity services: CinchOps Cybersecurity
Discover related topics: Critical Windows Secure Boot Vulnerabilities Leave Millions of Systems Exposed to Bootkit Attacks 
For Additional Information on this topic: Microsoft to Block Attachments in Outlook Web & Windows Used by Threat Actors

FREE CYBERSECURITY ASSESSMENT