To better protect users, Microsoft has published detailed information on the dangerous embedded files that OneNote will soon block.
“To help protect you and your recipients against computer viruses, Outlook blocks the sending and receiving of certain types of files (such as .exe and certain database files) as attachments,” Microsoft said.
Threat actors embed dangerous files and scripts in malicious Microsoft OneNote documents, covering them with design elements.
Following recent and ongoing phishing attacks propagating malware, Microsoft initially disclosed in a Microsoft 365 roadmap article released last month that OneNote will have improved security.
As Microsoft patched a MoTW (Mark of the Web) bypass zero-day exploited to spread malware via ISO and ZIP files, and finally disabled Word and Excel macros by default, threat actors began employing OneNote documents in spear phishing campaigns around the middle of December 2022.
According to Microsoft, the files considered dangerous and blocked in OneNote will be aligned with those blocked in Outlook, Word, Excel, and PowerPoint.
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk
Users will no longer have the option to open files with harmful extensions after the security upgrade goes live. Previously, OneNote warned users that opening attachments could harm their data but still allowed them to open the embedded files marked as risky.
When a file is restricted, users will see a notification that reads, “Your administrator has blocked your ability to open this file type in OneNote.”
According to Microsoft, between late April and late May 2023, OneNote for Microsoft 365 on Windows devices will start to receive the modification in Version 2304 in Current Channel (Preview).
The security enhancement will not be included in volume-licensed versions of Office, such as Office Standard 2019 or Office LTSC Professional Plus 2021; it will be accessible in retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel).
Nevertheless, it will not be available in OneNote on the web, OneNote for Windows 10, OneNote for Mac, or OneNote for Android or iOS devices.
|Update channel|Version|Release date|
|---|---|---|
|Current Channel (Preview)|Version 2304|First half of April 2023|
|Current Channel|Version 2304|Second half of April 2023|
|Monthly Enterprise Channel|Version 2304|June 13, 2023|
|Semi-Annual Enterprise Channel (Preview)|Version 2308|September 12, 2023|
|Semi-Annual Enterprise Channel|Version 2308|January 9, 2024|
To block additional file extensions you might consider unsafe, activate the ‘Block additional file extensions for OLE embedding’ policy under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Security Settings and select the extensions you want to be blocked.
If you need to allow particular file extensions that will soon be blocked by default, you can activate the “Allow file extensions for OLE embedding” policy from the same area in the Group Policy Management Console and specify which extensions you want to allow.
Also, you can modify the policies to suit your needs using the Cloud Policy service for Microsoft 365. Any modification you make will also impact Word, Excel, and PowerPoint.
These policies are available only to users of Microsoft 365 Apps for Enterprise; they aren’t available in Microsoft 365 Apps for Business.
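To preview how the default list and the two policies combine, the following added example (not Microsoft's code, and not how OneNote itself evaluates files) triages embedded-file names against the extension list above. The function names, the sample file names, and the rule that an extension present in both admin lists stays blocked are assumptions made for illustration.

```python
import ntpath

# Default-blocked extensions, copied from the list on this page.
DEFAULT_BLOCKED = frozenset("""
.ade .adp .app .application .appref-ms .asp .aspx .asx .bas .bat .bgi .cab .cer .chm
.cmd .cnt .com .cpl .crt .csh .der .diagcab .exe .fxp .gadget .grp .hlp .hpj .hta .htc
.inf .ins .iso .isp .its .jar .jnlp .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar
.mas .mat .mau .mav .maw .mcf .mda .mdb .mde .mdt .mdw .mdz .msc .msh .msh1 .msh2
.mshxml .msh1xml .msh2xml .msi .msp .mst .msu .ops .osd .pcd .pif .pl .plg .prf .prg
.printerexport .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .psd1 .psdm1 .pst .py .pyc .pyo
.pyw .pyz .pyzw .reg .scf .scr .sct .shb .shs .theme .tmp .url .vb .vbe .vbp .vbs .vhd
.vhdx .vsmacros .vsw .webpnp .website .ws .wsc .wsf .wsh .xbap .xll .xnk
""".split())


def _norm_exts(exts):
    """Lowercase admin-supplied entries and give each exactly one leading dot."""
    return {"." + e.strip().lower().lstrip(".") for e in exts if e.strip(". \t")}


def effective_blocklist(extra_blocked=(), allowed=()):
    """Model of the 'Block additional' and 'Allow' policies applied to the default list.

    Assumption (not stated on the page): an extension listed in both admin
    policies stays blocked, so a conflicting configuration fails closed.
    """
    return (DEFAULT_BLOCKED - _norm_exts(allowed)) | _norm_exts(extra_blocked)


def extension_of(name):
    """Return the final extension the way Windows resolves the name."""
    # Win32 ignores trailing dots and spaces, and extensions are case-insensitive.
    base = ntpath.basename(name).rstrip(". ")
    return ntpath.splitext(base)[1].lower()


def triage(names, extra_blocked=(), allowed=()):
    """Map each embedded-file name to True if its extension would be blocked."""
    blocked = effective_blocklist(extra_blocked, allowed)
    return {n: extension_of(n) in blocked for n in names}


if __name__ == "__main__":
    # Constructed sample names, not taken from any real notebook.
    sample = ["invoice.pdf.EXE", "notes.txt", "setup.js. ", "macro.docm"]
    for name, hit in triage(sample, extra_blocked=["docm"]).items():
        print(f"{'BLOCK' if hit else 'allow'}  {name!r}")
```

Feeding it the names of files embedded in existing notebooks, together with the extensions you plan to put in each policy, shows which attachments users would lose access to before the change reaches your update channel.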