Security News > 2023 > March > How to prevent Microsoft OneNote files from infecting Windows with malware

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks.
To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, we first need to explain how we got here.
These were popular file formats as a Windows bug allowed files in ISO images to bypass Mark-of-the-Web security warnings, and the popular 7-Zip archive utility did not propagate MoTW flags to files extracted from ZIP archives.
A less restrictive option, but potentially more unsafe, is the 'Embedded Files Blocked Extensions' group policy, which allows you to input a list of embedded file extensions that will be blocked from opening in a Microsoft OneNote document.
While blocking any file type is not always a perfect solution due to an environment's requirements, the results of not doing anything to restrict the abuse of Microsoft OneNote files can be even worse.
New QakNote attacks push QBot malware via Microsoft OneNote files.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Microsoft replacing Remote Desktop app with Windows App in May (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)