Even the most harmless apps can serve to infect your computer with malware. This is the case of Microsoft’s OneNote note-taking application. To give extra protection and decrease the risks, the company will take a very aggressive step and block 120 file extensions. So even if they’re in a document, you can’t open them.
What are the extensions? Generally, they would already be suspicious: applications, executables, prompt scripts, macros, ASP, ISO images, and more. Here’s the list:
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk
OneNote has been the target of attacks
The move comes after waves of phishing attacks that had the app as a vehicle to infect machines with malware. It had been announced on March 10 in the Microsoft 365 apps roadmap.
Malicious actors created documents in OneNote, with embedded malicious files and scripts to hide them, using design elements.
Originally, the program warned users that opening attachments could put their data in danger. Even so, the operation was allowed, even for files marked as dangerous.
With the new measures, you will not be able to open these types of files under any circumstances. When you try, you’ll see a message that your admin has blocked the option to open this type of file in OneNote.
Only for Microsoft 365 and retail Office
The security improvement will be included in OneNote version 2304 and version 2308 for enterprise customers with semi-annual updates.
This goes for Microsoft 365 subscribers and also for those who have the lifetime license of the 2021, 2019, and 2016 versions of Office, as long as it’s the retail-purchased edition.
However, OneNote users on the web, Windows 10, Mac, Android, or iOS will not have access to this protection.
For IT managers, you can block more extensions in security settings. You can also release some blocked by default. Cloud policies can also be changed.