Microsoft has recently announced that it plans to block files with dangerous file extensions that are embedded in OneNote files. The company says this is a necessary step due to the increased use of OneNote email attachments by cyber attackers to distribute malware. Currently, OneNote displays a warning that the file could be dangerous, but allows users to simply click “OK” to proceed regardless. However, the upcoming changes will block the direct opening of such attachments, and instead display a message that the administrator has blocked the user from opening these types of files in OneNote.
Initially, the list of blocked file types will correspond to that of Microsoft Outlook, but IT managers will be able to customize it with group policies, albeit only in Microsoft 365 Apps for Enterprise. OneNote for Android, iOS, Mac, and Windows 10 will not have this filter. In the unlikely event that recipients trust a sender of a file with a potentially dangerous extension, Microsoft advises them to save it locally and then try to open it again. However, there is a risk that the file could be intercepted and blocked by virus protection or Microsoft’s Smart App Control.
Microsoft plans to distribute this update over a longer period of time, with the preview channel in version 2304 set to receive it in early April, and the “Current” channel from the second half of April. The Monthly Enterprise Channel is due to receive it on June 13, 2023. Meanwhile, the preview of the semi-annual enterprise update in version 2308 is scheduled for September 12th of that year, and the final release will appear on January 9, 2024. Retail versions of Microsoft Office 2016, 2019, and 2021 will receive the change at the same time as the “Current” channel but Office versions with volume licenses will not.
This is part of Microsoft’s ongoing efforts to improve OneNote’s security. The company recently announced that it planned to enhance protection against OneNote phishing since mid-March. With cyber criminals increasingly using OneNote attachments to distribute malware, it is important that users be cautious and stay updated with the latest security measures.
