Microsoft has shared extra particulars about an necessary safety replace to OneNote, by which it hopes handle the rising problem of its program more and more getting used to push ransomware and different varieties of malware.
In a brand new Microsoft 365 assist doc (opens in new tab), the corporate listed a complete of 120 file extensions that can quickly be blocked in OneNote. Among the many file sorts .XLL, .ISO, .BAT, and .JS stand out.
These extensions may even be blocked in different Workplace 365 (opens in new tab)packages comparable to Outlook, Phrase, Excel, or PowerPoint.
Whereas beforehand, attempting to open a OneNote file with a suspicious attachment would deliver up a warning notification, the brand new replace will forestall the file from being opened – in any respect. As an alternative, the person will likely be met with a warning dialog saying “Your administrator has blocked your potential to open this file kind in OneNote”.
The adjustments will roll out in Model 2304 in Present Channel (Preview) to OneNote for Microsoft 365, on Home windows-powered gadgets, both in April, or Might, this 12 months, it was mentioned. Retail variations of Workplace 2021, Workplace 2019, and Workplace 2016 (Present Channel) may even be up to date to mirror these adjustments, nevertheless, volume-licensed variations of Workplace (Workplace Commonplace 2019, or OFfice LTSC Skilled Plus 2021) won’t get the replace.
OneNote on the internet, OneNote for Home windows 10, OneNote for Mac, or OneNote for Android/iOS won’t be up to date, as nicely.
Ever since Microsoft blocked its productiveness apps from working macros, hackers have been on the lookout for a viable different to ship malware. Among the many completely different strategies one stood out – OneNote recordsdata with malicious attachments. The follow has gotten so tremendously well-liked, so rapidly, that it compelled Microsoft’s hand and triggered the upcoming replace.
One other well-liked methodology of malware supply is phishing emails with .ISO recordsdata connected which, by sideloading malicious .DLL recordsdata, efficiently obtain stage-two payloads to unsuspecting victims’ endpoints.
Through: BleepingComputer (opens in new tab)