Microsoft has shared more details about an important security update to OneNote, through which it hopes address the growing issue of its program increasingly being used to push ransomware and other types of malware.
In a new Microsoft 365 support document (opens in new tab), the company listed a total of 120 file extensions that will soon be blocked in OneNote. Among the file types .XLL, .ISO, .BAT, and .JS stand out.
These extensions will also be blocked in other Office 365 (opens in new tab)programs such as Outlook, Word, Excel, or PowerPoint.
Blocking files
While previously, trying to open a OneNote file with a suspicious attachment would bring up a warning notification, the new update will prevent the file from being opened – at all. Instead, the user will be met with a warning dialog saying “Your administrator has blocked your ability to open this file type in OneNote”.
The changes will roll out in Version 2304 in Current Channel (Preview) to OneNote for Microsoft 365, on Windows-powered devices, either in April, or May, this year, it was said. Retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel) will also be updated to reflect these changes, however, volume-licensed versions of Office (Office Standard 2019, or OFfice LTSC Professional Plus 2021) will not get the update.
OneNote on the web, OneNote for Windows 10, OneNote for Mac, or OneNote for Android/iOS will not be updated, as well.
Ever since Microsoft blocked its productivity apps from running macros, hackers have been looking for a viable alternative to deliver malware. Among the different methods one stood out – OneNote files with malicious attachments. The practice has gotten so tremendously popular, so quickly, that it forced Microsoft’s hand and triggered the upcoming update.
Another popular method of malware delivery is phishing emails with .ISO files attached which, by sideloading malicious .DLL files, successfully download stage-two payloads to unsuspecting victims’ endpoints.
Via: BleepingComputer (opens in new tab)