Microsoft to boost protection against malicious OneNote documents

2023-03-10 14:46

Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document - a known high-risk phishing file type.

"Users will receive a notification when the files seem dangerous to improve the file protection experience in OneNote on Windows," the company said.

What is Microsoft OneNote, and why do attackers love OneNote docs?

These notes can be used by different users to enhance collaboration, so OneNote documents are often sent from one user to another over the Internet or a network.

"Furthermore, OneNote documents do not include 'Protected View' and Mark-of-the-Web protection increasing the risk of exposure to potentially malicious files and making it attractive to cybercriminals."

Trustwave SpiderLabs researchers have documented several phishing and spear-phishing campaigns using trojanized OneNote documents to deliver malware families like Qakbot, XWorm, Icedid, Formbook, and AsyncRAT. The documents are generally posing as inquiries, statements and invoices, but once opened, they request the user to double-click on a button to view the document.

News URL

https://www.helpnetsecurity.com/2023/03/10/protection-malicious-onenote-documents/

#microsoft #onenote

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		681	811	4523	4180	3707	13221