- Outlook stops displaying inline SVG images to limit phishing and malware risks
- Microsoft continues retiring risky features across Office and Windows platforms for security
- Company balances user impact with security, ensuring SVG attachments remain fully supported
Malicious use of SVG files has become increasingly common in recent years, with attackers relying on the format to deliver malware and build phishing pages.
In response, Microsoft is changing how Outlook handles this type of content and will now prevent inline SVG images from appearing in Outlook for Web or in the new Outlook for Windows.
In a Microsoft 365 Message Center update, the tech giant said, “Inline SVG images will not be displayed in Outlook for Web or the new Outlook for Windows. Instead, users will see blank spaces where these images would have appeared.”
A small impact
Microsoft is not blocking SVG files entirely, however.
“SVG images sent as classic attachments will continue to be supported and viewable from the attachment well. This update helps mitigate potential security risks, such as cross-site scripting (XSS) attacks,” the company added.
Microsoft says fewer than 0.1% of images in Outlook use this method, so the impact on typical communication should be minor.
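To gauge how much of your own mail falls on each side of that line, the sketch below (an added example, not Microsoft's or TechRadar's code) sorts the SVG parts of a MIME message into inline and attachment and flags script-capable markup. Treating a part as inline when it carries `Content-Disposition: inline` or is referenced by a `cid:` URL in the HTML body is an assumption, not Outlook's documented logic; the sample message and its addresses are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Markup that lets an SVG run script: <script>, on* event handlers, javascript: URLs
ACTIVE = re.compile(rb"<script\b|\son\w+\s*=|javascript:", re.I)

def classify_svg_parts(raw: bytes):
    """Return (name, placement, has_active_content) for each SVG MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Collect Content-IDs that HTML bodies reference, e.g. <img src="cid:...">
    cids = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            cids.update(re.findall(r"cid:([^\"'\s>]+)", part.get_content()))
    results = []
    for part in msg.walk():
        if part.get_content_type() != "image/svg+xml":
            continue
        cid = (part.get("Content-ID") or "").strip("<>")
        inline = part.get_content_disposition() == "inline" or cid in cids
        data = part.get_payload(decode=True) or b""
        results.append((part.get_filename() or cid or "(unnamed)",
                        "inline" if inline else "attachment",
                        bool(ACTIVE.search(data))))
    return results

# Constructed sample SVGs: one static image, one carrying a harmless <script> element
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>/* constructed placeholder */</script></svg>')

def build_sample() -> bytes:
    """Constructed message: one SVG embedded in the HTML body, one attached."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text body")
    msg.add_alternative('<p>Hi</p><img src="cid:logo@example.test">', subtype="html")
    html = msg.get_payload()[1]
    html.add_related(CLEAN_SVG, maintype="image", subtype="svg+xml",
                     cid="<logo@example.test>", disposition="inline",
                     filename="logo.svg")
    msg.add_attachment(SCRIPT_SVG, maintype="image", subtype="svg+xml",
                       filename="invoice.svg")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in classify_svg_parts(build_sample()):
        print(row)
```

Run over an exported mailbox, the inline rows are the images that will render as blank spaces, and attachment rows flagged for active content are the ones worth routing to additional inspection.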
The decision is part of Microsoft’s wider strategy to reduce the number of features that attackers can abuse.
Over the past several years, the company has retired or restricted capabilities in both Office and Windows that have been used in phishing or malware campaigns.
Earlier in 2025, Outlook Web and Outlook for Windows began blocking .library-ms and .search-ms files, which BleepingComputer notes had been exploited in attacks against government targets since at least 2022.
Microsoft has also implemented protections against macros and add-ins in its productivity software. Changes include blocking VBA Office macros by default, adding protection for Excel 4.0 macros, disabling untrusted XLL add-ins and ActiveX controls in Microsoft 365 and Office 2024 apps, and removing support for VBScript.
The full list of formats now blocked is available in Microsoft’s documentation.

