
Microsoft will block dangerous extensions in note-taking app OneNote

UKRAINE – 2022/01/09: In this photo illustration a Microsoft OneNote logo seen displayed on a smartphone. (Photo Illustration by Igor Golovniov/SOPA Images/LightRocket via Getty Images)

Microsoft improved security for OneNote by blocking files with potentially hazardous extensions from the popular note-taking software.

In a Microsoft 365 security update, the company announced it will block by default the same extensions as Outlook, Word, Excel, and PowerPoint to defend users against ongoing phishing attacks associated with OneNote. 

The list includes a total of 120 extensions, including .XLL, .ISO, .BAT, and .JS, according to a Microsoft 365 support page.

The change now completely blocks suspicious OneNote attachments instead of issuing a warning if a dangerous extension is detected. The user will instead receive a dialog stating that the administrator has restricted their ability to open the file type. 

OneNote warning with new change (Credit: Microsoft)

OneNote is a digital note-taking application bundled in the Office suite that allows users to create, organize and share notes across multiple devices. In February, multiple security firms reported an unusual surge in threat actors abusing OneNote to deliver malware.

According to Proofpoint, six campaigns were detected using OneNote documents to deliver the AsyncRAT malware in December 2022, while over 50 OneNote campaigns were discovered delivering various malware payloads in January.

“Since Microsoft began blocking macros by default in 2022, threat actors have experimented with many new tactics, techniques, and procedures, including the use of previously infrequently observed filetypes such as virtual hard disk (VHD), compiled HTML (CHM) and now OneNote (.one),” Proofpoint said in a February blog post.

Microsoft plans to roll out the feature with Version 2304 in April. The change will affect OneNote for Microsoft 365 on Windows devices. The update, however, does not affect OneNote on Mac OS, OneNote on Android or iOS devices, OneNote on the web, or OneNote for Windows 10. 

Versions of OneNote affected by the change (Credit: Microsoft)
Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.
