Outlook: Create and save email templates in the new Outlook for Windows

🚨 The Signal: New Outlook for Windows now supports creating, saving, and importing email templates. This streamlines repetitive communications but introduces a new vector for malicious content delivery via .oft files.

The Impact

All users are affected by the introduction of a new method for content delivery, increasing the risk of malware and phishing via template files.

• End users face increased risk from malicious .oft files distributed via email or other channels.
• Security teams must update monitoring and detection strategies for template-based threats.
• Compliance officers need to assess new data exfiltration risks through template content.
• IT administrators may need to implement new content filtering policies for .oft files.

The Action

1. Review existing email content filtering rules for .oft file attachments and consider blocking or sandboxing.
2. Educate users on the risks associated with opening unsolicited .oft files, similar to other executable content.
3. Implement or enhance Data Loss Prevention (DLP) policies to scan content within .oft files for sensitive information.
4. Monitor security logs for unusual activity related to .oft file usage or template creation/sharing.

Domain: Exchange · Impact: medium · Workload: Exchange Online