New Outlook Attachment Error Blocks Files with Non‑ASCII Names in Exchange Online

CyberSecureFox 🦊

On 23 November 2025, some Exchange Online customers using the new Outlook client began reporting that Excel attachments could no longer be opened from the email window. Instead of launching normally, the client displayed the generic error message “Try opening the file again later”. Microsoft has acknowledged the issue under incident ID EX1189359 and started rolling out a fix.

How the new Outlook attachment error manifests in Exchange Online

According to Microsoft’s incident notes, the malfunction is not limited to Excel. Any attachment type can be affected if its file name contains characters outside the basic ASCII set. This includes Cyrillic letters, accented Latin characters, and various special symbols that are common in many languages and corporate naming conventions.

When a user attempts to open such an attachment directly in the new Outlook client, the application fails to handle the file name correctly and returns an error instead of passing the file to Excel or another associated application. From the user’s point of view, the attachment appears “broken”, even though the underlying file stored in Exchange Online or OneDrive is intact.

Microsoft notes that any user of the new Outlook interface may encounter this attachment error if non‑ASCII characters are present in the attachment name. The vendor has not disclosed how many tenants or mailboxes have been impacted, but the potential blast radius includes any multilingual organization or environment where localized file naming is standard practice.

Root cause: missing encoding for non‑ASCII attachment file names

Microsoft has attributed the outage to a defect in how the new Outlook handles file name encoding when opening attachments. In simple terms, the client builds a request to retrieve the attachment from the service, but omits the correct character encoding metadata. As a result, file names that rely on non‑ASCII characters are misinterpreted by downstream components.

Encoding issues of this kind are a known challenge in distributed, cloud‑based systems. When different services or APIs disagree on how characters are represented, data may be displayed incorrectly, rejected outright, or—as in this case—become temporarily inaccessible from a particular client. While this is a functional bug, it directly affects the availability of business‑critical data.
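The failure mode described above can be reproduced with a generic sender and receiver. This is an added illustration, not Microsoft's code or the actual Outlook request format, which the incident notes do not describe. The RFC 5987-style `UTF-8''...` value and the Latin-1 fallback are assumptions chosen to model "metadata present" versus "metadata missing", and the file names are constructed samples.

```python
from urllib.parse import quote, unquote

# Constructed sample attachment names (not taken from the incident).
SAMPLE_NAMES = [
    "Q4_report.xlsx",
    "\u041e\u0442\u0447\u0451\u0442.xlsx",   # Cyrillic name
    "R\u00e9sum\u00e9.docx",                 # accented Latin name
]

def encode_with_charset(name: str) -> str:
    """Sender side, done correctly: percent-encode the UTF-8 bytes and
    state the charset next to the value (RFC 5987 ext-value form)."""
    return "UTF-8''" + quote(name, safe="")

def decode_ext_value(value: str) -> str:
    """Receiver side when the charset is declared: no guessing needed."""
    charset, _lang, encoded = value.split("'", 2)
    return unquote(encoded, encoding=charset)

def decode_without_charset(raw: bytes, assumed: str = "latin-1") -> str:
    """Receiver side when the charset is missing: it falls back to a
    default (assumed here to be Latin-1) and misreads multi-byte names."""
    return raw.decode(assumed)

def triage(names):
    """Map each name that does not survive the metadata-free path to the
    string a downstream component would see instead."""
    affected = {}
    for name in names:
        seen = decode_without_charset(name.encode("utf-8"))
        if seen != name:
            affected[name] = seen
    return affected

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        declared = decode_ext_value(encode_with_charset(name))
        print(f"{name!r}: ascii={name.isascii()} declared_ok={declared == name}")
    for name, seen in triage(SAMPLE_NAMES).items():
        print(f"misread without charset: {name!r} -> {seen!r}")
```

Pure ASCII names pass through both paths unchanged, which is why only attachments with non-ASCII names are affected and why renaming high-value files to ASCII is an effective interim measure.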

Microsoft incident EX1189359: remediation status and rollout

As of 1 December 2025, Microsoft reports that it has developed and validated a fix that restores the missing encoding in the attachment request flow for the new Outlook client. The update is being deployed in phased waves across Exchange Online infrastructure, a common approach in large cloud platforms to reduce the risk of regressions and new side effects.

This means the remediation is not yet active for all affected tenants. Some organizations may already see the issue resolved, while others will continue to experience attachment errors until the rollout reaches their region or service cluster. Microsoft recommends that customers track the status of incident EX1189359 via the Microsoft 365 Service Health dashboard and communicate timelines to business stakeholders.

Workarounds for Outlook attachment errors and user communication

Temporary access options for blocked attachments

Until the fix is fully deployed, Microsoft recommends two primary workarounds for users unable to open affected files in the new Outlook client:

1. Use Outlook on the web (OWA). The web version of Outlook does not exhibit the encoding bug and opens attachments with non‑ASCII file names normally. For many organizations, temporarily guiding users to Outlook on the web is the fastest way to restore access to critical email attachments.

2. Download and open files locally. In cases where the new Outlook cannot open the attachment inline, users can typically still save the file to local storage and open it directly using Excel or the native application associated with the file type. This approach is less convenient but effective as an interim measure.

Operational and security considerations for organizations

From an IT operations and cybersecurity governance perspective, it is advisable to:

  • Inform employees about the attachment issue and available workarounds to reduce helpdesk load and avoid perception of data loss.
  • Temporarily avoid non‑ASCII characters in file names for high‑value documents transmitted by email, where feasible, until the fix is confirmed in the tenant.
  • Monitor Microsoft 365 Service Health for updates to incident EX1189359 and relay changes promptly to business units and executive stakeholders.
  • Validate downstream security tooling—including DLP solutions, secure email gateways, and archival systems—to ensure that attachment processing and policy enforcement are not indirectly impacted by client‑side workarounds.

Why an Outlook encoding bug is a cybersecurity and resilience issue

At first glance, a file name encoding bug in Outlook may appear to be a purely technical inconvenience. In practice, it directly affects data availability, one of the three core pillars of information security alongside confidentiality and integrity. If staff cannot access financial spreadsheets, legal documents, or engineering plans when needed, business processes slow down, deadlines are missed, and operational risk increases.

Highly regulated sectors such as finance, healthcare, and critical infrastructure are particularly sensitive to such delays, as they can trigger compliance issues or breach contractual service level agreements. Incidents like EX1189359 also highlight the importance of secure development practices and robust testing for cloud services, especially in multilingual and globally distributed environments where encoding and localization issues are common.

For security and IT leaders, this event reinforces several best practices: continuous monitoring of cloud service health, maintaining alternative access paths to critical data (such as web clients or mobile apps), and integrating vendor technology failures into incident response and business continuity plans—on equal footing with traditional cyberattacks.

Organizations can use this Outlook attachment error as a catalyst to strengthen their resilience posture: ensure staff know how to switch to Outlook on the web, define backup channels for exchanging critical files, and establish a routine for proactively informing users about major cloud incidents. Treating such “small” bugs as opportunities to improve preparedness will reduce the impact of future service disruptions, whether caused by software defects, misconfigurations, or security events.
