OneNote Won’t Be Home to Hackers for Long

April 4, 2023 / meritsolutions

Microsoft may have intended for its note-taking software, OneNote, to be used for productivity, creativity, and organization. Unfortunately, it’s become the app for hackers and malicious users to target victims with malware. Lucky for the world, Microsoft is changing that for the better.

OneNote has become hackers’ go-to means of malware delivery, as Microsoft Word becomes less and less reliable. Word documents were commonly used to deliver malware to victims, who would open the malicious document and trigger the malware to download. According to BleepingComputer, however, Microsoft began implementing security protocols to block this type of activity from malicious Word docs. While hackers still use them, and you should be on alert, they are less common than OneNote files these days.

Hackers began switching to OneNote primarily in December of last year, burying malicious software inside these documents under what appears to be legitimate UI.

However, that could change too, as Microsoft is adding increased security measures to OneNote as well. The company says it will “align the files considered dangerous and blocked in OneNote with those blocked by Outlook, Word, Excel, and PowerPoint,” which includes a list of 120 extensions, as highlighted in this Microsoft 365 support document:

.ade, .adp, .app, .application, .appref-ms, .asp, .aspx, .asx, .bas, .bat, .bgi, .cab, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .diagcab, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .htc, .inf, .ins, .iso, .isp, .its, .jar, .jnlp, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msh1xml, .msh2xml, .msi, .msp, .mst, .msu, .ops, .osd, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .pst, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .shb, .shs, .theme, .tmp, .url, .vb, .vbe, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk

OneNote will soon not only warn you about opening one of these files, but will block you from doing so entirely.

However, if you need to allow certain file types to open on your end, you can enable “Allow file extensions for OLE embedding” from User Configuration -> Policies -> Administrative Templates -> Microsoft Office 2016 -> Security Settings.
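
To see what the block list and an allow-list exception mean in practice, the following added example (not Microsoft's code and not part of the original article) checks file names against the 120 extensions listed above and reports which ones an exception would re-enable. The sample file names are constructed, and the semicolon-separated format of the allow-list value is an assumption.

```python
# Added example: a triage model of the block list, not OneNote's own logic.
# Extensions are copied from the article; the ';' policy format is assumed.
BLOCKED = frozenset("""
.ade .adp .app .application .appref-ms .asp .aspx .asx .bas .bat .bgi .cab .cer .chm .cmd
.cnt .com .cpl .crt .csh .der .diagcab .exe .fxp .gadget .grp .hlp .hpj .hta .htc
.inf .ins .iso .isp .its .jar .jnlp .js .jse .ksh .lnk .mad .maf .mag .mam
.maq .mar .mas .mat .mau .mav .maw .mcf .mda .mdb .mde .mdt .mdw .mdz .msc
.msh .msh1 .msh2 .mshxml .msh1xml .msh2xml .msi .msp .mst .msu .ops .osd .pcd .pif .pl
.plg .prf .prg .printerexport .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .psd1 .psdm1 .pst .py .pyc
.pyo .pyw .pyz .pyzw .reg .scf .scr .sct .shb .shs .theme .tmp .url .vb .vbe
.vbp .vbs .vhd .vhdx .vsmacros .vsw .webpnp .website .ws .wsc .wsf .wsh .xbap .xll .xnk
""".split())

def parse_allow_list(policy_value):
    """Normalise an allow-list string such as 'py; .MSI' to {'.py', '.msi'}."""
    items = (i.strip().lower() for i in policy_value.split(";"))
    return {i if i.startswith(".") else "." + i for i in items if i}

def final_extension(filename):
    """Lower-cased last extension; trailing dots/spaces are dropped as Windows does."""
    base = filename.strip().rstrip(". ").lower().replace("\\", "/").rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:] if dot != -1 else ""

def triage(filenames, policy_value=""):
    """Map each name to 'blocked', 'allowed-by-policy' or 'not-listed'."""
    allowed = parse_allow_list(policy_value)
    verdicts = {}
    for name in filenames:
        ext = final_extension(name)
        if ext not in BLOCKED:
            verdicts[name] = "not-listed"
        elif ext in allowed:
            verdicts[name] = "allowed-by-policy"
        else:
            verdicts[name] = "blocked"
    return verdicts

def reopened_extensions(policy_value):
    """Blocked-by-default extensions that the allow-list re-enables."""
    return sorted(parse_allow_list(policy_value) & BLOCKED)

# Constructed sample names, not taken from any real incident.
SAMPLE = ["Invoice.PDF.exe", "notes.txt", "setup.MSI ", "report.py", "shortcut.lnk."]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE, "py; .MSI").items():
        print(f"{verdict:18} {name!r}")
```

Running `reopened_extensions` over a proposed allow-list before deploying it shows exactly which dangerous types the exception would put back in reach of users.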
