Microsoft has updated the list of dangerous files it blocks inside Office 365 documents, and has added the “.SettingContent-ms” file format to that list.

The SettingContent-ms file format is a special “shortcut” file that opens Microsoft’s new Windows Settings panel that it launched with the release of Windows 8 and which is featured primarily in Windows 10 over the old Control Panel system.

Malware authors were experimenting with SettingContent-ms files

Microsoft took the decision to block SettingContent-ms files inside Office 365 after a security researcher published a report in June showing how someone could embed these files inside Office documents and achieve remote code execution on Windows 10.

Malware authors didn’t stand idly and have been experimenting with the technique for the past month, albeit no serious malspam campaign has used it until now.

But Microsoft’s Office 365 team didn’t want to stand by and wait for one to take the place. This week, the company’s engineers updated the Packager Activation list.

The Packager Activation list is a collection of “dangerous files” that Microsoft blocks users from embedding inside Office documents via the OLE (Object Linking and Embedding) feature.

This list now includes 108 “dangerous” file extensions. Besides ContentSetting-ms, the list also contains classic file formats such as CHM, EXE, HTA, JS, MSI, VBS, WSF, and all the different PowerShell extensions. If users open a Word file containing an OLE object that tries to run one of these malicious file types, an error like the following will appear on the user’s screen.

OLE blocked message

The Microsoft “Packager…