HQ/EMEAFind out how we can help your business
The American multinational technology corporation, Microsoft, has disclosed additional details about how OneNote will block malicious files. The company stated that OneNote will now bar potentially malicious file extensions from mitigating the effects of phishing attacks and malware.
Based on reports, Microsoft revealed that the software would receive enhanced security updates in MS 365 roadmap entry in a few weeks. The upgrade is a countermeasure to the ongoing surge of phishing campaigns that exploit the Microsoft tool.
Numerous threat campaigns have used OneNote documents in spear-phishing attacks since December last year after the company fixed a MoTW bypass zero-day. The actors exploited the zero-day to launch malware via ZIP and ISO files and disable Word and Excel macros.
Researchers explained that attackers commonly generate malicious files by attaching compromised scripts to hide their malicious designs.
Microsoft revealed that OneNote would soon adopt security improvements.
According to the company, OneNote will block specific file extensions once it has received security updates. Moreover, the feature will allow MS products such as Word, Outlook, PowerPoint, and Excel to block the same products obstructed by OneNote.
Previously, the software only warned users that accessing unknown attachments could put their data in danger, but it still allows the user to access the file. However, once OneNote receives the security updates, users will no longer have the option to open the files that contain the malicious extensions.
More specifically, the past versions of the software will warn a user by stating that the user’s administrator has blocked its ability to open the file type in OneNote. The upcoming version will completely abandon the warning and prevent the user from clicking the link.
Microsoft revealed that the new upgrades were spread in Version 2304 to OneNote for MS 265 on Windows devices from April to May this year.
The security fix will also roll out in ritual versions of Office 2021, 2019, and 2016. However, volume-licensed versions of Microsoft Office, such as Office LTSC Professional Plus 2021 or Office Standard 2019, will not receive the new updates.
