top of page
Search

Microsoft announces plans to automatically block embedded files with dangerous extensions in OneNote



As we all continue to spend more time online, it's important to be aware of the potential dangers that come with it. Microsoft has announced plans to automatically block embedded files with "dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery. While we all want to be able to trust the platforms we're using, it's important to be vigilant. Up until now, users were shown a dialog warning them that opening such attachments could harm their computer and data, but it was possible to dismiss the prompt and open the files. That's going to change going forward. Microsoft said it intends to prevent users from directly opening an embedded file with a dangerous extension and display the message: "Your administrator has blocked your ability to open this file type in OneNote." The update is expected to start rolling out with Version 2304 later this month and only impacts OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms, including macOS, Android, and iOS, as well as OneNote versions available on the web and for Windows 10. "By default, OneNote blocks the same extensions that Outlook, Word, Excel, and PowerPoint do," Microsoft said. "Malicious scripts and executables can cause harm if clicked by the user. If extensions are added to this allow list, they can make OneNote and other applications, such as Word and Excel, less secure." The list of 120 extensions are as follows - .ade, .adp, .app, .apx, .asp, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .dll, .drv, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .psc1, .psc2, .ptt, .reg, .rgs, .sct, .shb, .shs, .url, .vb, .vbe, .vbp, .vbs, .vsdisco, .ws, .wsc, .wsf, .wsh While we all want to be able to trust the platforms we're using, it's important to be vigilant. Microsoft is making it a little easier for us by blocking files with dangerous extensions in OneNote. The update is expected to start rolling out with Version 2304 later this month and only impacts OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms, including macOS, Android, and iOS, as well as OneNote versions available on the web and for Windows 10. "By default, OneNote blocks the same extensions that Outlook, Word, Excel, and PowerPoint do," Microsoft said. "Malicious scripts and executables can cause harm if clicked by the user. If extensions are added to this allow list, they can make OneNote and other applications, such as Word and Excel, less secure." The list of 120 extensions are as follows - .ade, .adp, .app, .apx, .asp, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .dll, .drv, .exe, .fxp, .hlp, .hta, .inf, .ins, .isp, .its, .js, .jse, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdz, .msc, .msh, .msh1, .msh2, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .psc1, .psc2, .ptt, .reg, .rgs, .sct, .shb, .shs, .url, .vb, .vbe,

Comments


bottom of page