
Microsoft’s OneNote will now auto-block 120 file extensions


After its OneNote app was repeatedly abused to deliver malware, Microsoft has announced that it will automatically block 120 potentially risky file extensions. Until now, the app only showed a warning message when a user opened a potentially risky attachment, but going forward Microsoft intends to completely block users from opening such an embedded file.

The company has provided a complete list of these extensions in a support article, which also suggests safe file-sharing alternatives such as sharing files via OneDrive or SharePoint, using a compression utility or simply renaming the file to use an extension Outlook doesn’t block. The update will block some of the most commonly abused file extensions, including EXE, ISO, REG, JAR, BAT, PY, JS, MSI and CMD.

Users who want to open these embedded files regardless can still do so by first downloading the file to their computers and then opening it from their local storage. The update will start rolling out with OneNote version 2304, which is expected to arrive later this month. One key thing to note is that the change only affects OneNote for Microsoft 365 on devices running Windows.

Other OneNote versions running on different platforms like Android, iOS, macOS and the web remain unaffected. The change also affects OneNote in retail versions of Office 2021, Office 2019 and Office 2016. OneNote included in volume licensed versions of Office, such as Office LTSC Professional Plus 2021 or Office Standard 2019, remains unaffected.

The change comes in the wake of Microsoft blocking macros in Office applications for the very same reasons. Macros in Office programs have long been abused as an attack vector to deliver malicious payloads disguised as important documents. Blocking macros by default led threat actors to quickly adapt OneNote for nefarious purposes, and that train seems to have come to a halt, at least for Microsoft 365 subscribers.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.
