Microsoft is finally cracking down on one of its biggest Windows security risks

Microsoft OneNote review
(Image credit: Microsoft OneNote)

Microsoft  has shared more details about an important security update to OneNote, through which it hopes address the growing issue of its program increasingly being used to push ransomware and other types of malware.

In a new Microsoft 365 support document, the company listed a total of 120 file extensions that will soon be blocked in OneNote. Among the file types .XLL, .ISO, .BAT, and .JS stand out. 

These extensions will also be blocked in other Office 365 programs such as Outlook, Word, Excel, or PowerPoint. 

Blocking files 

While previously, trying to open a OneNote file with a suspicious attachment would bring up a warning notification, the new update will prevent the file from being opened - at all. Instead, the user will be met with a warning dialog saying “Your administrator has blocked your ability to open this file type in OneNote”.

The changes will roll out in Version 2304 in Current Channel (Preview) to OneNote for Microsoft 365, on Windows-powered devices, either in April, or May, this year, it was said. Retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel) will also be updated to reflect these changes, however, volume-licensed versions of Office (Office Standard 2019, or OFfice LTSC Professional Plus 2021) will not get the update.

OneNote on the web, OneNote for Windows 10, OneNote for Mac, or OneNote for Android/iOS will not be updated, as well. 

Ever since Microsoft blocked its productivity apps from running macros, hackers have been looking for a viable alternative to deliver malware. Among the different methods one stood out - OneNote files with malicious attachments. The practice has gotten so tremendously popular, so quickly, that it forced Microsoft’s hand and triggered the upcoming update. 

Another popular method of malware delivery is phishing emails with .ISO files attached which, by sideloading malicious .DLL files, successfully download stage-two payloads to unsuspecting victims’ endpoints.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.