Microsoft has just updated the list of blocked dangerous file formats, also known as the Packager Activation List inside Office 365 documents and has added SettingContent-ms File to it. This file format is a special shortcut file which opens the new Windows Settings panel that was launched with Windows 8 release. It is featured mainly on Windows 10 on the previous Control Panel system.
The move of blocking this file format on Office 365 documents through Object Linking and Embedding feature came after a report was published by a security researcher in June. It showed how vulnerable these files were to embedding inside Office documents and any one could achieve remote code execution over it. Even though there was no attempt at any malspam campaign on the file format until now, still Microsoft’s Office 365 team did not wait for any attack to take place before they could take a step to prevent it. The company’s engineers immediately updated the Packages Activation List and added SettingContent-ms File to it as well.
The list now includes 108 file extensions that are termed as ‘dangerous’. Other file extensions in addition to the SettingContent-ms File include CHM, HTA, EXE, JS, MSI, VBS, WSF and all distinct PowerShell extensions. In case a user opens a Word file which contains an OLE object and tries to run any one of these malicious types of files, an error like the one below will appear.
In the past Outlook.com has also been using the same list as Office for OLE activation. It means that the change will also be observed in Outlook.com and malware authors would not be able to send SettingContent-ms File to Outlook.com.