Security News > 2023 > April > Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions
Microsoft has announced plans to automatically block embedded files with "Dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery.
Microsoft said it intends to prevent users from directly opening an embedded file with a dangerous extension and display the message: "Your administrator has blocked your ability to open this file type in OneNote."
The update is expected to start rolling out with Version 2304 later this month and only impacts OneNote for Microsoft 365 on devices running Windows.
"By default, OneNote blocks the same extensions that Outlook, Word, Excel, and PowerPoint do," Microsoft said.
Users who opt to still open the embedded file can do so by first saving the file locally to their device and then opening it from there.
The development comes as Microsoft's decision to block macros by default in Office files downloaded from the internet spurred threat actors to switch to OneNote attachments to deliver malware via phishing attacks.
News URL
https://thehackernews.com/2023/04/microsoft-tightens-onenote-security-by.html
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)