
Microsoft OneNote Will Block 120 Potentially Dangerous File Extensions

Microsoft has announced that it will soon block dangerous embedded files in OneNote to protect users from ongoing phishing attacks that spread malware.

As security experts warned, after Microsoft blocked macros in Word and Excel, OneNote has become a very attractive “tool” for hackers.

OneNote lets authors create documents in which design elements are layered on top of an embedded file. When the user double-clicks the spot where the embedded file sits, even if a design element covers it and hides it from view, the file is launched. For example, we recently wrote that the Emotet malware is already using this tactic for distribution.

We also wrote that Emotet Botnet Returns After Law Enforcement Operation and Teams With TrickBot.


Files hidden under a graphic element

Since Microsoft OneNote has become a major problem and has been used to spread malware since last December, Microsoft promised in mid-March to add improved anti-phishing protection to OneNote.

Now the company has shared more details about which extensions will be blocked once the improved protection is in place. Microsoft developers say they will align the files that are considered dangerous and blocked in OneNote with the files that are blocked in Outlook, Word, Excel, and PowerPoint.

The full list includes 120 extensions.

.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll and .xnk.

Previously, OneNote warned users that opening attachments could harm their data but still allowed them to open embedded files marked as dangerous. Now users will no longer be able to open files with dangerous extensions.

If a file is blocked, the user will see a warning dialog: “Your administrator has blocked the ability to open this type of file in OneNote.”

These changes will begin rolling out between late April 2023 and late May 2023, starting with version 2304 in the Current Channel (Preview) for OneNote in Microsoft 365 for Windows.

Enhanced security will also be available in regular versions of Office 2021, Office 2019, and Office 2016 (Current Channel), but not in Office Standard 2019 or Office LTSC Professional Plus 2021.

In addition, protection will not yet work with OneNote on the web, OneNote for Windows 10, OneNote on Mac, or OneNote on Android or iOS devices.
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
