Microsoft is updating Outlook for Web and Windows to stop displaying risky inline SVG images as a security mitigation. The change aims to reduce cross-site scripting (XSS) attacks and phishing campaigns that use SVG files, and it affects less than 0.1% of images sent. #SVGThreats #PhishingAttacks
Key points
- Microsoft is disabling inline SVG images in Outlook for Web and Windows to enhance security.
- The change is part of a broader effort to prevent attacks exploiting Office and Windows features.
- Malicious actors have heavily used SVG files for malware deployment and phishing schemes.
- Other targeted file types like .library-ms and .search-ms are also being blocked in Outlook.
- Microsoft has progressively disabled risky macros and controls since 2018 to protect users.