News

Microsoft OneNote Will Block 120 Potentially Dangerous File Extensions

Microsoft has announced that it will soon block dangerous embedded files in OneNote to protect users from ongoing phishing attacks that spread malware.

As security experts warned, after blocking macros in Microsoft Word and Excel, Microsoft OneNote has become a very attractive “tool” for hackers.

The fact is that OneNote allows creating documents containing various design elements that are superimposed on an embedded document. As a result, when you double-click on the place where the embedded file is located (even if there is a design element above it and it is not visible to the user), the file will be launched. For example, we recently wrote that Emotet malware is already using such tactics for distribution.

We also wrote that Emotet Botnet Returns After Law Enforcement Operation and Teams With TrickBot.


Files hidden under a graphic element

Since Microsoft OneNote has become a major problem and has been used to spread malware since last December, Microsoft promised in mid-March to add improved anti-phishing protection to OneNote.

Now the company has shared more details about which extensions will be blocked after the implementation of improved protection. Microsoft developers say they will correlate files that are considered dangerous and blocked in OneNote with files that are blocked in Outlook, Word, Excel, and PowerPoint.

The full list includes 120 extensions.

.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso , .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, . mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml , .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, . shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll and .xnk.

While OneNote previously warned users that opening attachments could harm their data, but allowed them to open embedded files marked as dangerous, now users will no longer be able to open files with dangerous extensions.

If the file is locked, the user will see a warning dialog: “Your administrator has blocked the ability to open this type of file in OneNote.”

These changes will begin rolling out between late April 2023 and late May 2023, starting with version 2304 in the Current Channel (Preview) for OneNote in Microsoft 365 for Windows.

Enhanced security will also be available in regular versions of Office 2021, Office 2019, and Office 2016 (Current Channel), but not in Office Standard 2019 or Office LTSC Professional Plus 2021.

In addition, protection will not yet work with OneNote on the web, OneNote for Windows 10, OneNote on Mac, or OneNote on Android or iOS devices.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

19 hours ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

19 hours ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

19 hours ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

19 hours ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

23 hours ago