Microsoft has shared more information on which malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.
The company first revealed that OneNote would get enhanced security in a Microsoft 365 roadmap entry published three weeks ago, on March 10, following recent and ongoing waves of phishing attacks pushing malware.
Threat actors have been using OneNote documents in spear phishing campaigns since mid-December 2022, after Microsoft patched a MoTW bypass zero-day exploited to drop malware via ISO and ZIP files and eventually disabled Word and Excel macros by default.
Threat actors create malicious Microsoft OneNote documents by embedding dangerous files and scripts and then hiding them with design elements.
File types considered dangerous
Today, the company shared more details regarding which specific file extensions will be blocked once the new OneNote security improvements roll out.
Microsoft says it will align the files considered dangerous and blocked in OneNote with those blocked by Outlook, Word, Excel, and PowerPoint.
The complete list includes 120 extensions, according to this Microsoft 365 support document:
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk
Previously, OneNote warned users that opening attachments could harm their data but still allowed them to open the embedded files tagged as dangerous. After the security improvement rolls out, users will no longer have the choice to open files with dangerous extensions.
Users will be shown a warning dialog when a file gets blocked, saying, “Your administrator has blocked your ability to open this file type in OneNote.”
Microsoft says the change will begin rolling out in Version 2304 in Current Channel (Preview) to OneNote for Microsoft 365 on Windows devices between late April 2023 and late May 2023.
The security improvement will also be available in retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel) but not in volume-licensed versions of Office, like Office Standard 2019 or Office LTSC Professional Plus 2021.
However, it will not be available in OneNote on the web, OneNote for Windows 10, OneNote on a Mac, or OneNote on Android or iOS devices.
| Update channel | Version | Release date |
|---|---|---|
| Current Channel (Preview) | Version 2304 | First half of April 2023 |
| Current Channel | Version 2304 | Second half of April 2023 |
| Monthly Enterprise Channel | Version 2304 | June 13, 2023 |
| Semi-Annual Enterprise Channel (Preview) | Version 2308 | September 12, 2023 |
| Semi-Annual Enterprise Channel | Version 2308 | January 9, 2024 |
Managing blocked extensions
To block additional file extensions you might consider dangerous, activate the ‘Block additional file extensions for OLE embedding’ policy under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Security Settings and select the extensions you want to be blocked.
On the other hand, if you need to allow specific file extensions that will soon be blocked by default, you can toggle on the ‘Allow file extensions for OLE embedding’ policy from the same location in the Group Policy Management Console and specify which extensions you want to allow.
You can also use the Cloud Policy service for Microsoft 365 to tailor the policies to your preferences. All changes you make will also affect other applications, including Word, Excel, and PowerPoint.
These policies are only available for Microsoft 365 Apps for enterprise users, as they are not available in Microsoft Apps for Business.
Microsoft Office group policies can also be used to restrict the launching of OneNote embedded file attachments until the new security improvements roll out.
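Before rolling out the allow and block policies described above, it helps to see which default protections a proposed allow list would switch off. The following is an added example, not code from Microsoft or from the original article: it audits two proposed policy values against the 120 default extensions and classifies embedded file names. The function names, the `;`/`,` separator format, matching on the final extension, and the rule that an additional block entry wins over an allow entry are all assumptions.

```python
import ntpath

# Default blocked extensions, copied from the list in this article.
DEFAULT_BLOCKED = frozenset("""
ade adp app application appref-ms asp aspx asx bas bat bgi cab cer chm cmd cnt com cpl crt csh
der diagcab exe fxp gadget grp hlp hpj hta htc inf ins iso isp its jar jnlp js jse ksh lnk
mad maf mag mam maq mar mas mat mau mav maw mcf mda mdb mde mdt mdw mdz msc msh msh1 msh2
mshxml msh1xml msh2xml msi msp mst msu ops osd pcd pif pl plg prf prg printerexport ps1
ps1xml ps2 ps2xml psc1 psc2 psd1 psdm1 pst py pyc pyo pyw pyz pyzw reg scf scr sct shb shs
theme tmp url vb vbe vbp vbs vhd vhdx vsmacros vsw webpnp website ws wsc wsf wsh xbap xll xnk
""".split())


def norm_ext(value):
    """Normalise '.HTA', 'hta ' or '*.hta' to 'hta'."""
    return value.strip().lower().lstrip("*").lstrip(".")


def parse_policy(value):
    """Parse a proposed policy value such as '.one; .HTA,.py' (separator is an assumption)."""
    parts = value.replace(",", ";").split(";")
    return {norm_ext(p) for p in parts if norm_ext(p)}


def final_ext(filename):
    """Last extension of a Windows file name, ignoring trailing dots and spaces."""
    name = ntpath.basename(filename).rstrip(". ")
    return name.rpartition(".")[2].lower() if "." in name else ""


def audit(allow_value, extra_block_value, embedded_names):
    """Report what a proposed allow/block pair would change (hypothetical helper)."""
    allow, extra = parse_policy(allow_value), parse_policy(extra_block_value)
    # Assumed precedence: an additional block entry overrides an allow entry.
    effective = (DEFAULT_BLOCKED - allow) | extra
    return {
        "reopened": sorted(allow & DEFAULT_BLOCKED),  # defaults the allow list disables
        "conflicts": sorted(allow & extra),           # listed in both policies
        "blocked_files": [n for n in embedded_names if final_ext(n) in effective],
    }
```

Any entry reported under `reopened` is a default block that the allow list would remove for Word, Excel, and PowerPoint as well, so each one should have a documented business reason.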