Microsoft has actually shared more info on what destructive ingrained files OneNote will quickly obstruct to protect users versus continuous phishing attacks pressing malware.
The business initially exposed that OneNote will get boosted security in a Microsoft 365 roadmap entry released 3 weeks back, on March 10, following current and continuous waves of phishing attacks pressing malware.
Danger stars have actually been utilizing OneNote files in spear phishing projects because mid-December 2022 after Microsoft covered a MoTW bypass zero-day made use of to drop malware by means of ISO and ZIP files and lastly handicapped Word and Excel macros by default
Danger stars develop destructive Microsoft OneNote files by embedding hazardous files and scripts and after that concealing them with style aspects, as revealed listed below.
Submit types thought about hazardous
Today, the business shared more information concerning what particular file extensions will be obstructed when the brand-new OneNote security enhancements present.
Microsoft states it will line up the files thought about hazardous and obstructed in OneNote with those obstructed by Outlook, Word, Excel, and PowerPoint.
The total list consists of 120 extensions according to this Microsoft 365 assistance file:
ade,.adp,.app,.application,.appref-ms,. asp,. aspx,. asx,. bachelor's degree,. bat,. bgi,. taxi,. cer,. chm,. cmd,. cnt,. com,. cpl,. crt,. csh,. der,. diagcab,. exe,. fxp,. gizmo,. grp,. hlp,. hpj,. hta,. htc,. inf,. ins,. iso,. isp,. its,. container,. jnlp,. js,. jse,. ksh,. lnk,. mad,. maf,. mag,. mam,. maq,. mar,. mas,. mat,. mau,. mav,. maw,. mcf,. mda,. mdb,. mde,. mdt,. mdw,. mdz,. msc,. msh,. msh1,. msh2,. mshxml,. msh1xml,. msh2xml,. msi,. msp,. mst,. msu,. ops,. osd,. pcd,. pif,. pl,. plg,. prf,. prg,. printerexport,. ps1,. ps1xml,. ps2,. ps2xml,. psc1,. psc2,. psd1,. psdm1,. pst,. py,. pyc,. pyo,. pyw,. pyz,. pyzw,. reg,. scf,. scr,. sct,. shb,. shs,. style,. tmp,. url,. vb,. vbe,. vbp,. vbs,. vhd,. vhdx,. vsmacros,. vsw,. webpnp,. site,. ws,. wsc,. wsf,. wsh,. xbap,. xll,. xnkWhile formerly, OneNote cautioned users that opening accessories might hurt their information however still enabled them to open the ingrained files tagged as hazardous, after the security enhancement presents, users will no longer have the option to open files with hazardous extensions.
Users will be revealed a caution dialog when a file gets obstructed, stating, “Your administrator has actually obstructed your capability to open this file key in OneNote.”
Microsoft states the modification will start presenting in Variation 2304 in Present Channel (Sneak Peek) to OneNote for Microsoft 365 on Windows gadgets in between late April 2023 and late May 2023.
The security enhancement will likewise be readily available in retail variations of Workplace 2021, Workplace 2019, and Workplace 2016 (Present Channel) however not in volume-licensed variations of Workplace, like Workplace Requirement 2019 or Workplace LTSC Expert Plus 2021.
Nevertheless, it will not be readily available in OneNote online, OneNote for Windows 10, OneNote on a Mac, or OneNote on Android or iOS gadgets.
| Update channel | Variation | Launch date |
| Present Channel (Sneak Peek) | Variation 2304 | Very first half of April 2023 |
| Present Channel | Variation 2304 | 2nd half of April 2023 |
| Month-to-month Business Channel | Variation 2304 | June 13, 2023 |
| Semi-Annual Business Channel (Sneak Peek) | Variation 2308 | September 12, 2023 |
| Semi-Annual Business Channel | Variation 2308 | January 9, 2024 |
Handling obstructed extensions
To obstruct extra file extensions you may think about hazardous, trigger the ‘Block extra file extensions for OLE embedding’ policy under User ConfigurationPoliciesAdministrative TemplatesMicrosoft Workplace 2016Security Settings and pick the extensions you wish to be obstructed.
On the other hand, if you require to permit particular file extensions that will quickly be obstructed by default, you can toggle on the ‘Enable file extensions for OLE embedding’ policy from the exact same place in the Group Policy Management Console and define which extensions you want to permit.
You can likewise utilize the Cloud Policy service for Microsoft 365 to customize the policies to your choices. All modifications you make will likewise impact other applications, consisting of Word, Excel, and PowerPoint.
These policies are just readily available for Microsoft 365 Apps for business users, as they aren’t readily available in Microsoft Apps for Company.
Microsoft Workplace group policies can likewise be utilized to limit the introducing of OneNote ingrained file accessories up until the brand-new security enhancements present.