Microsoft has announced plans to automatically block embedded files with “dangerous extensions” in OneNote after reports that the note-taking service is being increasingly abused to deliver malware.
In the past, users were presented with a dialog warning them that opening such attachments could harm their computer and data, but they were able to dismiss the prompt and open the file.
That will change. Microsoft says it intends to prevent users from directly opening embedded files with dangerous extensions and to display the message “Your administrator has blocked this file type from being opened in OneNote.”
This update will begin rolling out later this month with version 2304 and will only affect OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms such as macOS, Android, and iOS, or the OneNote versions available on the web and for Windows 10.
“By default, OneNote blocks the same extensions as Outlook, Word, Excel, and PowerPoint,” Microsoft said. “Malicious scripts and executables can cause harm when clicked by the user. Extensions added to this allow list will make OneNote and other applications such as Word and Excel less secure.”
The list of 120 extensions is as follows:
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, and .xnk
Users who still choose to open an embedded file can do so by first saving the file locally on their device and then opening it from there.
This development follows Microsoft’s decision to block macros by default in Office files downloaded from the internet, which prompted threat actors to switch to OneNote attachments to deliver malware via phishing attacks.
According to cybersecurity firm Trellix, the number of malicious OneNote samples increased gradually after December 2022 and kept rising into February 2023.