Microsoft blocks ‘dangerous’ file extensions in OneNote

Microsoft will now automatically block ‘dangerous’ file types in OneNote notes. The company wants to help reduce the number of malware attacks, which are increasingly carried out via the notes app. The change will take effect in version 2304 of OneNote.

The measure only applies to the OneNote app in Microsoft 365, the OneNote app in Office 2021, Office 2019 and Office 2016. The change is coming according to Microsoft not to the Android, Mac, iOS, and Windows 10 versions of the notes app. It is unclear whether this will change in the future. The list with dangerous file types, according to Microsoft, is the same as Outlook, Word, Excel, and PowerPoint and includes file types such as .app, .gadget, .htc, .iso, .jar, .js, and .exe extensions.

In February of this year, several security companies, including Cyble Research & Intelligence Labs, proof point and Trust wave We know that hackers are increasingly using Microsoft OneNote files to spread malware. In such cases, these hackers distribute .one note files that contain scripts that can then run macros to download malware or trojans. These files can only infect a user’s computer if that user has ignored the Microsoft OneNote warning when clicking an attached file of the note.