Microsoft Blocks SettingContent-ms Files in Office 365

Microsoft has blocked a file type that can be embedded in Office 365 documents and is reportedly capable of causing harm.

As a precaution, Microsoft has blocked a particular file format with the extension “.SettingContent-ms”.

This file format was originally seen when Windows 8 was launched by Microsoft.

Now, on Windows 10, it is used within the Settings panel, which has taken over the job done by the Control Panel in earlier versions of Windows.

The immediate reason for adding the “.SettingContent-ms” file format to Microsoft's list of extensions it considers dangerous is a report published by a security expert last month.

The list is found in the Office 365 module and has been updated with this file being added to that “block list.”

Nothing Damaging Has Occurred Yet

The security researcher who discovered the issue published a report on how anyone can misuse the “.SettingContent-ms” file format by embedding it in Office 365 documents to take over the system and carry out code execution from a remote location.

The demo was done on a system running on Windows 10, and the embedding can take place with programs like Word or Excel.

Microsoft acted quickly by blocking the file before any serious reports of hacking, though there are sporadic reports of some criminal elements tinkering with the vulnerability.

Microsoft’s Packager Activation List

The list that Microsoft has created of files and file extensions it considers hazardous is called the Packager Activation list. Microsoft’s developers update it regularly.

Including the new addition, .SettingContent-ms, the list contains 108 different file extensions in all. EXE, CHM, HTA, MSI, VBS, JS and WSF are only some of the “dangerous” file extensions, and none of these files may be embedded in any Office 365 file.

The route taken for embedding is the Object Linking and Embedding (or OLE) process, and this route is blocked as well.
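As an added example (not code from Microsoft or from the original article), the Python sketch below shows how a defender could triage an Office Open XML document for packaged objects whose file names end in one of the extensions named above. It is a heuristic byte scan of the `embeddings/` parts rather than a full OLE parser, the extension tuple covers only the entries the article names, and the sample document is constructed for illustration.

```python
import io
import re
import zipfile

# Extensions named in the article; the full 108-entry list is not reproduced.
BLOCKED = ("exe", "chm", "hta", "msi", "vbs", "js", "wsf", "settingcontent-ms")

# NUL-terminated ASCII file names ending in a blocked extension. Backslash is
# excluded from the name class so a full path yields only its base name.
NAME_RE = re.compile(
    rb"[\w .()\-]{1,64}\.(?:" + "|".join(BLOCKED).encode() + rb")(?=\x00)",
    re.IGNORECASE,
)


def embedded_blocked_names(doc_bytes):
    """Return sorted (zip member, file name) pairs for blocked embedded files."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for member in zf.namelist():
            # OOXML stores OLE objects under word/, xl/ or ppt/ "embeddings/".
            if "/embeddings/" not in member.lower():
                continue
            for match in NAME_RE.finditer(zf.read(member)):
                hits.add((member, match.group().decode("ascii")))
    return sorted(hits)


def build_sample(name):
    """Constructed input: a zip shaped like a .docx holding one packaged object.

    The object bytes are a simplified stand-in (label, then original path, both
    NUL-terminated), not a complete OLE compound file.
    """
    path = ("C:\\Users\\demo\\" + name).encode("ascii")
    native = b"\x02\x00" + name.encode("ascii") + b"\x00" + path + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", native)
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ("update.SettingContent-ms", "notes.txt"):
        print(sample, "->", embedded_blocked_names(build_sample(sample)))
```

A hit means the document carries a packaged file of a type Office 365 would refuse to activate, which is worth flagging at a mail gateway or during incident triage.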

There are ways to change the list manually if one needs to for a particular purpose. Someone may have a use for a file with an extension on the Packager Activation list, and will see an instant warning that Microsoft has blocked that file extension.

However, you may have to consult the FAQ section of the Office 365 tutorial to learn how to revoke the block and work with that file.

How Outlook Could Be Affected

It requires no special skill to know that hackers use phishing emails with malicious attachments to mount cyberattacks.

Microsoft has therefore ensured that MS Outlook also has the same list of file extensions already determined to be dangerous. Outlook has been performing this function with diligence all these years, and it will continue to do so.

General Safety Instructions Always Apply

The general refrain from cybersecurity experts is to keep yourself protected at all times.

The requirements may vary depending on what kind of computer environment you are working with.

If it is a simple personal computer or a handheld device, ensure you have the right anti-malware program installed; and if the PC is being connected through a router, ensure that your service provider has given it the due protection.

If you have a large organization with several employees accessing the internet and receiving emails on their interconnected terminals, having an anti-malware program alone may not be sufficient to prevent someone with malicious intent from breaking in and causing damage.

The employees will have to be fully educated on the risks associated with phishing emails, and taught never to download attachments that appear suspicious or even open emails from unknown persons. It is safer that way than to suffer the damage later.

The last instruction relates to keeping your eyes and ears open for any updates issued from time to time by vendors, whether it is the basic OS supplier like Microsoft or other companies whose programs you have installed on your system or network.

This includes the patches issued by the antivirus company.

When in doubt, have your system audited by an expert to confirm whether there are any vulnerabilities and to suggest remedies for them.