Even the most harmless apps can serve to infect your computer with malware. This is the case with the notes application OneNote, by Microsoft. To give extra protection and reduce the risks, the company will take a very aggressive measure and block 120 file extensions. Thus, even if they are in a document, it will not be possible to open them.
What extensions? Generally, they would already be suspicious: applications, executables, prompt scripts, macros, ASP, ISO images, and more. Follow the list:
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso , .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, . bad, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml , .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, . shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk
OneNote was attacked
The measurement comes after waves of attacks phishing scams that used the app as a vehicle to infect machines with malware. It had been announced on March 10 in the Microsoft 365 Apps roadmap.
Malicious actors created documents in OneNote, with malicious files embedded and scripts to hide them, using design elements.
Originally, the program warned users that opening attachments could endanger their data. Even so, the operation was allowed, even for files marked as dangerous.
With the new measures, it will not be possible to open these types of files under any circumstances. When you try, a message will appear saying that the administrator has blocked the option to open this type of file in OneNote.
Only for retail Microsoft 365 and Office
The security improvement will be included in OneNote version 2304 and in version 2308 for enterprise customers with semi-annual updates.
This goes for Microsoft 365 subscribers as well as lifetime license holders of the 2021, 2019, and 2016 versions of Office, as long as it’s the retail edition.
However, OneNote users on the web, Windows 10, Mac, Android or iOS will not have access to this protection.
For IT managers, you can block more extensions in security settings. You can also release some locked by default. Cloud policies can also be changed.
With information: Bleeping Computer, gHacks
