
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Microsoft Will Block Dangerous File Types in OneNote Documents

Last year, Microsoft started blocking macros by default in Office files delivered via the Internet to make it harder for malicious actors to use macros for delivering malware. In response, threat actors have been looking for alternative methods for malware delivery, such as OneNote files.

OneNote is a digital note-taking application that is part of the Microsoft Office suite. It has proved popular for malware distribution because executable files can be embedded in OneNote documents. These files are usually hidden behind design elements in the documents, such as buttons instructing users to click to view the content. The user is told to double-click the button, but doing so executes the embedded executable file hidden behind it. If executed, the hidden file downloads a malicious payload from a remote server. In recent weeks, several campaigns have been detected that use OneNote attachments for distributing malware, including AsyncRAT, Emotet, and QBot.

In response to the increasing misuse of OneNote files in phishing campaigns, Microsoft announced last month that it would be augmenting security for OneNote. OneNote currently generates a warning that opening attachments in OneNote files is potentially dangerous; however, these dialog boxes can be closed, allowing the embedded attachments to be opened.

Microsoft provided further details on the security update this month and confirmed that users will no longer be able to close the dialog box and open the embedded files. When the update is applied, 120 dangerous file types will be blocked in OneNote. The blocked file types will be the same as those that are currently blocked by Word, Excel, PowerPoint, and Outlook. If a user attempts to open one of these dangerous file types, a dialog window will be generated that warns the user that “Your administrator has blocked your ability to open this file type in OneNote.”


Dangerous file types will be blocked in OneNote documents from April 2023.

Microsoft will be rolling out the security updates later this month starting with OneNote Version 2304, which will protect users of OneNote for Microsoft 365 on Windows devices. The update will also be applied to the retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel), followed by Version 2304 for the Enterprise Channel in June 2023. The update will be applied to Version 2308 for the Semi-Annual Enterprise Channel (Preview) in September 2023, and the Semi-Annual Enterprise Channel in January 2024. Microsoft said the update will not affect OneNote on the web, OneNote for Windows 10, OneNote for macOS, or OneNote for Android or iOS devices.
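Until the update reaches every channel listed above, a mail or file gateway can triage .one attachments for embedded files that look executable. The following is an added example, not code from The HIPAA Journal or Microsoft: it assumes the FileDataStoreObject framing from the MS-ONESTORE specification, and the signature set and function names are hypothetical choices, not Microsoft's list of 120 blocked types.

```python
import struct
import uuid

# FileDataStoreObject framing (MS-ONESTORE): header GUID, 8-byte length,
# 4 unused bytes, 8 reserved bytes, then the embedded file bytes.
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
DATA_OFFSET = 16 + 8 + 4 + 8

# Assumed triage signatures (not Microsoft's block list): leading bytes or
# script markers suggesting the embedded file runs when double-clicked.
MAGIC = {b"MZ": "PE executable", b"L\x00\x00\x00\x01\x14\x02\x00": "Windows shortcut (LNK)"}
SCRIPT_MARKERS = (b"<hta:application", b"wscript.shell", b"powershell", b"@echo off")

def classify(blob):
    """Return a label for risky content, or None if nothing matched."""
    for magic, label in MAGIC.items():
        if blob.startswith(magic):
            return label
    head = blob[:4096].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return None

def embedded_files(one_bytes):
    """Yield (offset, data) for each embedded file object in a .one byte stream."""
    pos = one_bytes.find(FDSO_HEADER)
    while pos != -1:
        length_field = one_bytes[pos + 16:pos + 24]
        if len(length_field) == 8:
            (length,) = struct.unpack("<Q", length_field)
            start = pos + DATA_OFFSET
            # A length running past end of file is truncated or bogus; slicing
            # clamps it, so whatever data is present still gets inspected.
            yield pos, one_bytes[start:start + length]
        pos = one_bytes.find(FDSO_HEADER, pos + 16)

def triage(one_bytes):
    """List (offset, size, label) for embedded files that look executable."""
    hits = ((off, len(data), classify(data)) for off, data in embedded_files(one_bytes))
    return [hit for hit in hits if hit[2]]

def constructed_sample():
    """Constructed input: filler plus one framed object holding a fake PE stub."""
    payload = b"MZ" + b"\x00" * 62
    obj = FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload
    return b"\x00" * 32 + obj + b"\x00" * 32
```

A hit is a reason to quarantine the attachment for analysis; the marker list is a coarse heuristic and will miss file types it does not name.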

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
