Email security

Attacks prompt inline SVG image blocking in Microsoft Outlook

Increasingly prevalent cyber intrusions involving inline Scalable Vector Graphics (SVG) images have prompted Microsoft to stop displaying such images in Outlook for Web and the new Outlook for Windows, according to BleepingComputer.

Microsoft said the change, which began rolling out in early September and is poised to be completed by the middle of the month, will affect fewer than 0.1% of all Outlook-sent images, and emphasized that SVG images sent as classic attachments will remain supported.

"This update helps mitigate potential security risks, such as cross-site scripting (XSS) attacks," Microsoft added. Phishing attacks using SVG files were reported by Trustwave to have spiked by 1,800% from April 2024 to early 2025, with the surge attributed to phishing-as-a-service platforms.

The change comes amid Microsoft's crackdown on actively exploited Windows and Office features; the firm most recently blocked .library-ms and .search-ms files in Outlook Web and the new Outlook for Windows following government-targeted intrusions.
