Microsoft has announced plans to automatically block embedded files with “dangerous extensions” in OneNote, following reports that the note-taking service is being increasingly abused to deliver malware.

In the past, users were presented with a dialog warning them that opening such attachments could harm their computer and data, but they were able to dismiss the prompt and open the file.

That is about to change. Microsoft says it intends to prevent users from directly opening embedded files with dangerous extensions and to display the message “Your administrator has blocked this file type from being opened in OneNote.”

This update will begin rolling out later this month with version 2304 and will only affect OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms such as macOS, Android, and iOS, or the OneNote versions available on the web and for Windows 10.

“By default, OneNote blocks the same extensions as Outlook, Word, Excel, and PowerPoint,” Microsoft said. “Malicious scripts and executables can cause harm when clicked by the user. Extensions added to this allow list will make OneNote and other applications such as Word and Excel less secure.”

The list of 120 extensions is as follows:

.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, and .xnk

Users who choose to open an embedded file can first save the file locally on their device and then open it from there.

The development comes after Microsoft’s decision to block macros by default in Office files downloaded from the internet prompted threat actors to switch to OneNote attachments to deliver malware via phishing attacks.

According to cybersecurity firm Trellix, the number of malicious OneNote samples increased gradually after December 2022 and kept rising through February 2023.

Copyright ©️ All rights reserved. | Blue Training Academy Blog