Security News > 2023 > March > How to prevent Microsoft OneNote files from infecting Windows with malware
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks.
To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, we first need to explain how we got here.
These were popular file formats as a Windows bug allowed files in ISO images to bypass Mark-of-the-Web security warnings, and the popular 7-Zip archive utility did not propagate MoTW flags to files extracted from ZIP archives.
A less restrictive option, but potentially more unsafe, is the 'Embedded Files Blocked Extensions' group policy, which allows you to input a list of embedded file extensions that will be blocked from opening in a Microsoft OneNote document.
While blocking any file type is not always a perfect solution due to an environment's requirements, the results of not doing anything to restrict the abuse of Microsoft OneNote files can be even worse.
New QakNote attacks push QBot malware via Microsoft OneNote files.
News URL
Related news
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft starts testing Windows 11 taskbar icon scaling (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)