Here’s a breakdown of the information from the provided text:
Microsoft Outlook is Blocking Inline SVG Images
* The Change: Microsoft Outlook is now blocking inline SVG (Scalable Vector Graphics) images in emails.This means SVG images embedded directly within the email body will not display.
* Attachments are Okay: SVG files sent as attachments will still be supported and viewable.
* Reasoning: this change is a security measure to mitigate risks like cross-site scripting (XSS) attacks.
* Impact: Microsoft states that fewer than 0.1% of images in Outlook are currently delivered this way, so the impact on most users should be minimal.
Broader Security Strategy
* This is part of a larger effort by Microsoft to reduce the attack surface in its products (Office and Windows).
* Thay’ve been phasing out or restricting features that have been exploited in phishing and malware campaigns.
* Recent Actions:
* Blocking .library-ms and .search-ms files (started earlier in 2025). These were used in attacks against government targets.
* Increased protections against macros and add-ins (blocking VBA macros by default, disabling untrusted add-ins, removing VBScript support).
Where to Find More Information
* A full list of blocked file types is available in Microsoft’s documentation: https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/set-owamailboxpolicy?view=exchange-ps#-blockedfiletypes
* More details on the initial declaration can be found at https://www.bleepingcomputer.com/news/security/microsoft-outlook-stops-displaying-inline-svg-images-used-in-attacks/
