- Outlook stops showing SVG images online to limit the risk of phishing and malware
- Microsoft continues to withdraw risky features on Office and Windows Patients for Protection
- The company balances the impact of users with security, ensuring that the SVG attachments remain entirely supported
The malicious use of SVG files has become more and more common in recent years, the attackers counting on the format to provide malware and create pages of phishing.
In response, Microsoft changes the way Outlook manages this type of content and will now prevent SVG images online from appearing in Outlook for the web or in the new outlook for Windows.
In an update of the Microsoft 365 messages center, the technology giant said: “Online SVG images will no longer be displayed in Outlook for the web or the new outlook for Windows. Instead, users will see empty spaces where these images have been appeared.”
A little impact
Microsoft will not completely block SVG files.
“The SVG images sent in the form of conventional attachments will continue to be taken care of and visible from the attachment. This update helps to mitigate potential security risks, such as cross -script attacks (XSS),” added the company.
Microsoft says that less than 0.1% of images in Outlook use this method, so the impact on typical communication should be a minor.
The decision is part of Microsoft’s wider strategy to reduce the number of features that attackers can abuse.
In recent years, the company has removed or restricted functions in offices and windows that have been used in phishing or malware campaigns.
Earlier in 2025, Outlook Web and Outlook for Windows began to block the .library-ms and .search-ms files that BIP computer Notes had been exploited in attacks on government targets for at least 2022.
Microsoft has also implemented protections against macros and additional modules in its productivity software. The changes include blocking macros Office VBA by default, adding protection for Excel 4.0 macros, deactivation of XLL non -reliable supplements and ActiveX controls in Microsoft 365 and Office 2024 applications and delete vbscript support.
The full list of now blocked formats is available to display in Microsoft’s documentation here.
Follow Techradar on Google News And Add us as a favorite source To get our news, criticisms and expert opinions in your flows. Be sure to click on the follow!
And of course, you can also Follow Techradar on Tiktok For news, criticism, unpacking in video form and obtain regular updates to us on Whatsapp Also.
