Microsoft OneNote Will Block 120 Potentially Dangerous File Extensions

Microsoft has announced that it will soon block dangerous embedded files in OneNote to protect users from ongoing phishing attacks that spread malware.

As security experts warned, after blocking macros in Microsoft Word and Excel, Microsoft OneNote has become a very attractive “tool” for hackers.

The fact is that OneNote allows creating documents containing various design elements that are superimposed on an embedded document. As a result, when you double-click on the place where the embedded file is located (even if there is a design element above it and it is not visible to the user), the file will be launched. For example, we recently wrote that Emotet malware is already using such tactics for distribution.

We also wrote that Emotet Botnet Returns After Law Enforcement Operation and Teams With TrickBot.

Microsoft OneNote files
Files hidden under a graphic element

Since Microsoft OneNote has become a major problem and has been used to spread malware since last December, Microsoft promised in mid-March to add improved anti-phishing protection to OneNote.

Now the company has shared more details about which extensions will be blocked after the implementation of improved protection. Microsoft developers say they will correlate files that are considered dangerous and blocked in OneNote with files that are blocked in Outlook, Word, Excel, and PowerPoint.

The full list includes 120 extensions.

.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso , .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, . mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml , .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, . shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll and .xnk.

While OneNote previously warned users that opening attachments could harm their data, but allowed them to open embedded files marked as dangerous, now users will no longer be able to open files with dangerous extensions.

If the file is locked, the user will see a warning dialog: “Your administrator has blocked the ability to open this type of file in OneNote.”

Microsoft OneNote files

These changes will begin rolling out between late April 2023 and late May 2023, starting with version 2304 in the Current Channel (Preview) for OneNote in Microsoft 365 for Windows.

Enhanced security will also be available in regular versions of Office 2021, Office 2019, and Office 2016 (Current Channel), but not in Office Standard 2019 or Office LTSC Professional Plus 2021.

In addition, protection will not yet work with OneNote on the web, OneNote for Windows 10, OneNote on Mac, or OneNote on Android or iOS devices.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button