Microsoft has shared more information on which malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.
The company first revealed that OneNote will get enhanced security in a Microsoft 365 roadmap entry published three weeks ago, on March 10, following recent and ongoing waves of phishing attacks pushing malware.
Threat actors have been using OneNote documents in spear phishing campaigns since mid-December 2022, after Microsoft patched a MoTW bypass zero-day exploited to drop malware via ISO and ZIP files and finally disabled Word and Excel macros by default.
Threat actors create malicious Microsoft OneNote documents by embedding dangerous files and scripts and then hiding them with design elements.
File types considered dangerous
Today, the company shared more details regarding which specific file extensions will be blocked once the new OneNote security improvements roll out.
Microsoft says it will align the files considered dangerous and blocked in OneNote with those blocked by Outlook, Word, Excel, and PowerPoint.
The complete list includes 120 extensions, according to this Microsoft 365 support document:
.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk
Previously, OneNote warned users that opening attachments could harm their data but still allowed them to open embedded files tagged as dangerous. After the security improvement rolls out, users will no longer have the choice to open files with dangerous extensions.
Users will be shown a warning dialog when a file gets blocked, saying, “Your administrator has blocked your ability to open this file type in OneNote.”
Microsoft says the change will begin rolling out in Version 2304 in Current Channel (Preview) to OneNote for Microsoft 365 on Windows devices between late April 2023 and late May 2023.
The security improvement will also be available in retail versions of Office 2021, Office 2019, and Office 2016 (Current Channel) but not in volume-licensed versions of Office, like Office Standard 2019 or Office LTSC Professional Plus 2021.
However, it will not be available in OneNote on the web, OneNote for Windows 10, OneNote on a Mac, or OneNote on Android or iOS devices.
| Update channel | Version | Release date |
|---|---|---|
| Current Channel (Preview) | Version 2304 | First half of April 2023 |
| Current Channel | Version 2304 | Second half of April 2023 |
| Monthly Enterprise Channel | Version 2304 | June 13, 2023 |
| Semi-Annual Enterprise Channel (Preview) | Version 2308 | September 12, 2023 |
| Semi-Annual Enterprise Channel | Version 2308 | January 9, 2024 |
Managing blocked extensions
To block additional file extensions you might consider dangerous, activate the ‘Block additional file extensions for OLE embedding’ policy under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Security Settings and select the extensions you want to be blocked.
On the other hand, if you need to allow specific file extensions that will soon be blocked by default, you can toggle on the ‘Allow file extensions for OLE embedding’ policy from the same location in the Group Policy Management Console and specify which extensions you wish to allow.
You can also use the Cloud Policy service for Microsoft 365 to tailor the policies to your preferences. All changes you make will also affect other applications, including Word, Excel, and PowerPoint.
These policies are only available for Microsoft 365 Apps for enterprise users, as they’re not available in Microsoft Apps for Business.
Microsoft Office group policies can also be used to restrict the launching of OneNote embedded file attachments until the new security improvements roll out.
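For defenders who want to check which attachment names in a mail gateway log or an extracted notebook fall under the list above, here is an added example (not Microsoft's code and not part of the original article). The function names, the sample file names, and the rule that an allow entry overrides a block entry are assumptions made for illustration.

```python
# Added example: triage attachment names against the extension list quoted
# in the article. Not Microsoft's implementation.

# The 120 extensions from the support document, without the leading dots.
DEFAULT_BLOCKED = frozenset("""
ade adp app application appref-ms asp aspx asx bas bat bgi cab cer chm cmd cnt
com cpl crt csh der diagcab exe fxp gadget grp hlp hpj hta htc inf ins iso isp
its jar jnlp js jse ksh lnk mad maf mag mam maq mar mas mat mau mav maw mcf mda
mdb mde mdt mdw mdz msc msh msh1 msh2 mshxml msh1xml msh2xml msi msp mst msu
ops osd pcd pif pl plg prf prg printerexport ps1 ps1xml ps2 ps2xml psc1 psc2
psd1 psdm1 pst py pyc pyo pyw pyz pyzw reg scf scr sct shb shs theme tmp url vb
vbe vbp vbs vhd vhdx vsmacros vsw webpnp website ws wsc wsf wsh xbap xll xnk
""".split())


def effective_extension(name):
    """Return the extension Windows would act on, lower-cased, without the dot.

    Only the last extension counts ("a.pdf.exe" is an .exe), and Windows drops
    trailing dots and spaces from file names ("x.hta. " is an .hta).
    """
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    _stem, dot, ext = base.rpartition(".")
    return ext.lower() if dot else ""


def _normalise(exts):
    return {e.strip().lstrip(".").lower() for e in exts}


def is_blocked(name, extra_blocked=(), allowed=()):
    # Assumption: admin "allow" entries win over both the default list and
    # admin "block" entries. Verify against your own policy configuration.
    blocked = (DEFAULT_BLOCKED | _normalise(extra_blocked)) - _normalise(allowed)
    return effective_extension(name) in blocked


def triage(names, extra_blocked=(), allowed=()):
    """Return the names that would be blocked, in input order."""
    return [n for n in names if is_blocked(n, extra_blocked, allowed)]


# Constructed sample names, not taken from any real notebook or campaign.
SAMPLE = ["Invoice.pdf.EXE", "notes.txt", "setup.hta. ", "budget.xlsx",
          "run.ps1", "macro.xlsm"]

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(SAMPLE, extra_blocked=[".xlsm"], allowed=["ps1"]))
```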