To better protect users, Microsoft has published detailed information on the dangerous embedded files that OneNote will soon block.
“To help protect you and your recipients against computer viruses, Outlook blocks the sending and receiving of certain types of files (such as .exe and certain database files) as attachments,” Microsoft.
Threat actors embed dangerous files and scripts in malicious Microsoft OneNote documents, covering them with design elements.
Following recent and ongoing phishing attacks propagating malware, Microsoft initially disclosed that OneNote will have improved security in a Microsoft 365 roadmap article released recently last month.
As Microsoft patched a MoTW, bypassed zero-day exploit to spread malware via ISO and ZIP files, and finally disabled Word and Excel macros by default, threat actors began employing OneNote documents in spear phishing campaigns around the middle of December 2022.
Blocked File Types in Outlook
According to Microsoft, the files considered dangerous and blocked in OneNote will be aligned with those blocked in Outlook, Word, Excel, and PowerPoint.
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk
Users will no longer have the option to access files with harmful extensions after the security upgrade goes live. Before, OneNote informed users that accepting attachments could harm their data while allowing them to open the embedded files marked as risky.
When a file is restricted, users will see a notification that reads, “Your administrator has blocked your ability to open this file type in OneNote.”
According to Microsoft, between late April and late May 2023, OneNote for Microsoft 365 on Windows devices will start to receive the modification in Version 2304 in Current Channel (Preview).
The security enhancement will not be included in volume-licensed versions of Office, such as Office Standard 2019 or Office LTSC Professional Plus 2021; it will be accessible in retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel).
Nevertheless, it will not be available in OneNote on the web, OneNote for Windows 10, OneNote for Mac, or OneNote for Android or iOS devices.
| Update channel | Version | Release date |
| Current Channel (Preview) | Version 2304 | First half of April 2023 |
| Current Channel | Version 2304 | Second half of April 2023 |
| Monthly Enterprise Channel | Version 2304 | June 13, 2023 |
| Semi-Annual Enterprise Channel (Preview) | Version 2308 | September 12, 2023 |
| Semi-Annual Enterprise Channel | Version 2308 | January 9, 2024 |
To block additional file extensions you might consider unsafe, activate the ‘Block additional file extensions for OLE embedding’ policy under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Security Settings and select the extensions you want to be blocked.
Also, you can activate the “Allow file extensions for OLE embedding” policy from the same area in the Group Policy Management Console and specify which extensions you want to allow if you need to enable particular file extensions that will shortly be blocked by default.
Also, you can modify the policies to suit your needs using the Cloud Policy service for Microsoft 365. Any modification you make will also impact Word, Excel, and PowerPoint.
These policies aren’t available in Microsoft Apps for Business; hence they are only available to users of Microsoft 365 Apps for Enterprise.
Network Security Checklist – Download Free E-Book
Related Read:
- Microsoft Introduces New GPT-4 Tool to The Cybersecurity Battlefield
- CISA Released a New Tool to Detect Hacking Activity in Microsoft Cloud Environments
- Microsoft Teams, Virtualbox, Tesla Zero-Days Exploited – Pwn2Own Day Two
- Hackers Exploiting Microsoft Outlook Privilege Escalation Flaw in The Wild
.webp "NCSC Warns of Russian Hackers Attacking Critical National Infrastructure")
.webp "Multiple QNAP Vulnerability Let Hackers Hijack Your NAS"){kind=small}
