Security News > 2023 > March > How to prevent Microsoft OneNote files from infecting Windows with malware
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks.
To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, we first need to explain how we got here.
These were popular file formats as a Windows bug allowed files in ISO images to bypass Mark-of-the-Web security warnings, and the popular 7-Zip archive utility did not propagate MoTW flags to files extracted from ZIP archives.
A less restrictive option, but potentially more unsafe, is the 'Embedded Files Blocked Extensions' group policy, which allows you to input a list of embedded file extensions that will be blocked from opening in a Microsoft OneNote document.
While blocking any file type is not always a perfect solution due to an environment's requirements, the results of not doing anything to restrict the abuse of Microsoft OneNote files can be even worse.
New QakNote attacks push QBot malware via Microsoft OneNote files.
News URL
Related news
- Microsoft shares more details on Windows 11 admin protection (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Microsoft confirms game audio issues on Windows 11 24H2 PCs (source)
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs (source)
- Microsoft testing Windows 11 support for third-party passkeys (source)
- Microsoft asks Windows Insiders to try out the controversial Recall feature (source)