Microsoft is set to release a security update for its note-taking app, OneNote, in response to the growing threat of malware and ransomware being spread through the program. The update will block 120 file extensions in OneNote and other Office 365 programs, including Outlook, Word, Excel, and PowerPoint. File types that will be blocked include .XLL, .ISO, .BAT, and .JS, among others.
Previously, attempting to open a OneNote file with a suspicious attachment would trigger a warning notification. With the new update, the file will not be able to be opened at all. Instead, users will receive a warning dialog stating that their administrator has blocked the ability to open the file type in OneNote.
The update will roll out in Version 2304 in Current Channel (Preview) to OneNote for Microsoft 365 on Windows devices, either in April or May of this year. Retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel) will also be updated to reflect these changes, but volume-licensed versions of Office will not receive the update. OneNote on the web, OneNote for Windows 10, OneNote for Mac, or OneNote for Android/iOS will also not be updated.
Hackers have increasingly turned to OneNote files with malicious attachments as a means of delivering malware since Microsoft blocked its productivity apps from running macros. In addition, phishing emails with .ISO files attached have been a popular method of delivering malware. These files sideload malicious .DLL files and successfully download stage-two payloads to victims’ endpoints.
The upcoming security update from Microsoft aims to address these issues and provide greater protection against malware and ransomware attacks. By blocking certain file extensions in OneNote and other Office 365 programs, the company hopes to prevent malicious actors from exploiting these programs to spread malware.
