Cyber Resilience – Microsoft Will Begin Blocking Dangerous Extensions in OneNote

As WaterISAC has reported multiple times since January, threat actors made a significant pivot to abusing OneNote to spread malware after Microsoft automatically blocked macros last year. Due to this surge in activity, Microsoft has announced they will begin blocking files within OneNote that contain dangerous extensions, similar to Outlook, Word, Excel, and PowerPoint. Microsoft has included 120 file types/extensions along with the capability to block additional extensions if needed. Likewise, if blocked files need to be accessed, Microsoft recommends alternative methods to safely share files. It should be noted, similar to Microsoft’s prior macro blocking, this protection method only impacts OneNote for Microsoft 365 on devices running Windows – this will NOT protect OneNote on the web, OneNote for Windows 10, OneNote on a Mac, or OneNote on Android or iOS devices. This change will begin rolling out in April. With Microsoft products being widely used, members are encouraged to consider how this change will impact your environment and address accordingly. Read more at SC Magazine.