How to prevent Microsoft OneNote files from infecting Windows with malware (Security News, March 2023)
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks.
Some background is needed to explain how Microsoft OneNote files became the tool of choice for malware-distributing phishing attacks.
These were popular file formats as a Windows bug allowed files in ISO images to bypass Mark-of-the-Web security warnings, and the popular 7-Zip archive utility did not propagate MoTW flags to files extracted from ZIP archives.
A less restrictive, but potentially less safe, option is the 'Embedded Files Blocked Extensions' group policy, which lets you enter a list of embedded file extensions that will be blocked from opening in a Microsoft OneNote document.
While blocking any file type is not always a perfect solution due to an environment's requirements, the results of not doing anything to restrict the abuse of Microsoft OneNote files can be even worse.
New QakNote attacks push QBot malware via Microsoft OneNote files.