The note-taking service, OneNote, has recently become a popular tool for distributing malware. To prevent this, Microsoft has announced its intention to automatically block any embedded files with harmful file extensions in OneNote.
Previously, individuals received a prompt informing them that accessing certain attachments could lead to damage to their computer and personal information. However, they had the option to ignore the warning and proceed with opening the files.
In the future, there will be a change regarding the opening of embedded files with dangerous extensions. Microsoft plans to restrict users from directly accessing these files and instead show a notification stating that their administrator has prevented them from opening this file type in OneNote.
The new version, 2304, of OneNote for Microsoft 365 on Windows devices is set to be released soon. This update will only affect the Windows platform and will not have any impact on OneNote for macOS, Android or iOS, as well as the web and Windows 10 versions of OneNote.
Microsoft has reported that OneNote, similar to Outlook, Word, Excel, and PowerPoint, blocks certain extensions as a default security measure. These extensions have the potential to be unsafe and can cause harm if clicked by the user. Adding these extensions to an allow list could compromise the security of not only OneNote but also other applications like Word and Excel.
The aforementioned list contains 120 different extension options.
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, and .xnk
¨
If users decide to access the embedded file, they can do it by saving it on their device first and then opening it from there.
Microsoft's recent move to disable macros in Office files downloaded from the internet has prompted cybercriminals to resort to utilizing OneNote attachments for distributing malware through their phishing campaigns.
Trellix, a cybersecurity company, has reported that the amount of harmful OneNote examples has been progressively rising since December 2022 and has significantly increased in February 2023.