Date: 2023-04-06

Microsoft has announced plans to automatically block embedded files with “dangerous extensions” in OneNote, following reports that the note-taking service is increasingly used for spreading malware.

Until now, users were shown a dialog warning them that opening such attachments could harm their computer and data, but it was possible to ignore the warning and open the files.

This will change in the future. Microsoft said it wants to prevent users from directly opening an embedded file with a dangerous extension; they will instead see the message: “Your administrator has blocked your ability to open this type of file in OneNote”.

The update is scheduled to begin shipping with version 2304 later this month and will only affect OneNote for Microsoft 365 on Windows devices. It does not affect other platforms, including macOS, Android and iOS, nor the versions of the application available on the web and for Windows 10.

“By default, OneNote blocks the same extensions as Outlook, Word, Excel, and PowerPoint”, Microsoft stated. “Malicious scripts and executables can cause harm if clicked by the user. If extensions are added to this allowlist, they can make OneNote and other applications, such as Word and Excel, less secure”.

Which extensions will OneNote block

The 120 extensions that will be blocked are: .ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, and .xnk.

Users who choose to open the embedded file anyway can do so by first saving the file locally on their device and then opening it from there.

The change comes after Microsoft’s decision to block macros by default in Office files downloaded from the Internet prompted cybercriminals (commonly called “hackers”) to switch to OneNote attachments to deliver malware via phishing attacks.

According to the cyber security firm Trellix, the number of malicious OneNote samples gradually increased from December 2022, before accelerating in February 2023.

Summing up

In conclusion, Microsoft’s decision to automatically block embedded files with dangerous extensions in OneNote represents an important step in protecting users from the risk of malware and other cyber attacks.

However, as the growing number of malicious OneNote samples detected by Trellix demonstrates, cybercriminals are constantly looking for new ways to bypass security measures and exploit system vulnerabilities.

Therefore, it is important for users to remain vigilant and always adopt cybersecurity best practices to protect their data and devices.