Outlook: Import calendars and contacts from PST file to mailbox in new Outlook for Windows
🚨 The Signal: New Outlook for Windows now allows importing contacts and calendars from PST files. This reintroduces a legacy data ingestion vector, increasing the risk of data exfiltration and of malware being introduced through user-controlled files.
The Impact
All users are affected: the reintroduction of PST file import increases the risk of malware and data exfiltration.
- End Users: Increased risk of malware infection from untrusted PST files.
- Security Teams: New vector for data exfiltration and compliance breaches.
- Admins: Potential for increased support requests related to PST file issues and security incidents.
The Action
- Review and update existing data handling and acceptable use policies to specifically address PST file imports.
- Communicate updated policies and associated risks to end-users regarding PST file usage.
- Monitor Microsoft 365 audit logs for PST file import activities, if available, to identify potential misuse.
- Ensure endpoint detection and response (EDR) solutions are configured to detect and alert on suspicious file activities related to Outlook and PST files.
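One way to express the EDR check in the last action item, as an added example that is not taken from Microsoft or from any EDR product: a triage pass over file-open events that flags PST files opened by Outlook from locations a user does not normally keep mail archives in. The event fields (`host`, `user`, `image`, `path`, `zone_id`, `drive_type`), the Outlook image names, and the list of risky folders are assumptions to map onto your own telemetry schema.

```python
from pathlib import PureWindowsPath

# Assumed image names for new and classic Outlook; confirm against your telemetry.
OUTLOOK_IMAGES = {"olk.exe", "outlook.exe"}
# Assumed user-writable landing folders worth flagging.
RISKY_DIRS = {"downloads", "temp"}

def pst_risk_reasons(event):
    """Return the reasons a file-open event looks like a risky PST import."""
    path = PureWindowsPath(event["path"])
    if path.suffix.lower() != ".pst":
        return []
    if event["image"].lower() not in OUTLOOK_IMAGES:
        return []
    reasons = []
    # Mark-of-the-Web: ZoneId 3 = Internet, 4 = Restricted sites.
    if event.get("zone_id") is not None and event["zone_id"] >= 3:
        reasons.append("mark-of-the-web")
    if event["path"].startswith("\\\\"):
        reasons.append("network-share")
    if event.get("drive_type") == "removable":
        reasons.append("removable-media")
    if RISKY_DIRS & {part.lower() for part in path.parts}:
        reasons.append("user-landing-folder")
    return reasons

def triage(events):
    """Return (host, user, path, reasons) for each event with at least one reason."""
    alerts = []
    for ev in events:
        reasons = pst_risk_reasons(ev)
        if reasons:
            alerts.append((ev["host"], ev["user"], ev["path"], reasons))
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "user": "alice", "image": "olk.exe", "zone_id": 3,
     "path": r"C:\Users\alice\Downloads\archive.pst", "drive_type": "fixed"},
    {"host": "WS-02", "user": "bob", "image": "olk.exe", "zone_id": None,
     "path": r"C:\Users\bob\Documents\Outlook Files\backup.pst", "drive_type": "fixed"},
    {"host": "WS-03", "user": "carol", "image": "OUTLOOK.EXE", "zone_id": None,
     "path": r"E:\old-mail.PST", "drive_type": "removable"},
    {"host": "WS-04", "user": "dave", "image": "notepad.exe", "zone_id": 3,
     "path": r"C:\Users\dave\Downloads\notes.pst", "drive_type": "fixed"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

A PST opened from the user's usual Outlook data folder with no Mark-of-the-Web produces no alert, which keeps routine archive use out of the queue.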
Domain: M365-Apps · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860