Microsoft will block 120 high-risk file extensions in OneNote

Martin Brinkmann
Mar 31, 2023
Updated • Feb 12, 2024
Microsoft Office
|
3

As a consequence of ongoing phishing campaigns using Microsoft OneNote, Microsoft announced that it would harden the application against phishing attacks in early March 2023. Microsoft planned to start the rollout of the security change in April 2023. The company has now published several support documents that provide system administrators and users with additional information.

The main change that Microsoft will introduce changes how 120 high-risk file extensions are handled by the application. OneNote showed a warning to users when they were about to open a high-risk attachment. Users were able to bypass the warning to open the extension.

The OneNote update will block the direct opening of embedded files, if the file extension is on Microsoft's list of dangerous extensions.

onenote dialog block

OneNote users see "Your administrator has blocked your ability to open this file type in OneNote". The dialog has just an ok button, and a close window control, but no option anymore to execute the embedded file.

The high risk file extensions match the filter lists of other Microsoft products, including Outlook. The full list is available on this support page. It includes common file extensions such as .exe, .iso or .bat, but also many lesser known file extensions.

Here is the full list of blocked extensions:

.ade .adp .app .application .appref-ms .asp .aspx .asx .bas .bat .bgi .cab .cer .chm .cmd .cnt .com .cpl .crt .csh .der .diagcab .exe .fxp .gadget .grp .hlp .hpj .hta .htc .inf .ins .iso .isp .its .jar .jnlp .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mcf .mda .mdb .mde .mdt .mdw .mdz .msc .msh .msh1 .msh2 .mshxml .msh1xml .msh2xml .msi .msp .mst .msu .ops .osd .pcd .pif .pl .plg .prf .prg .printerexport .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .psd1 .psdm1 .pst .py .pyc .pyo .pyw .pyz .pyzw .reg .scf .scr .sct .shb .shs .theme .tmp .url .vb .vbe .vbp .vbs .vhd .vhdx .vsmacros .vsw .webpnp .website .ws .wsc .wsf .wsh .xbap .xll .xnk

Administrators may add more file extensions to the blocklist. They may use the Block additional file extensions for OLE embedding” policy for that, which is found under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Security Settings in the Group Policy Management Console.

Another option is to use the Cloud Policy service for Microsoft 365. The policies are only available for Microsoft 365 apps for enterprise, and not for Microsoft Apps for Business. Microsoft notes further that administrators should not use the "Embedded Files Blocked Extensions" policy, but without explanation.

There is also a policy to allow certain blocked file extensions. This is handled by "Allow file extensions for OLE embedding" found under User Configuration\Policies\Administrative Templates\Microsoft Office 2016\Security Settings in the Group Policy Management Console. Changes made to this policy do affect other Microsoft 365 apps, including Word, Excel and PowerPoint.

How to bypass the embedded file block in OneNote

OneNote users can't open high-risk files, based on their extension, anymore directly. Microsoft notes that users may save the embedded files to the local system to execute them there, provided that they trust the sender. Security solutions may block the execution of these saved files, however.

OneNote versions that support the change

The change affects OneNote for Microsoft 365 and OneNote in retail versions of Office. It does not affect OneNote for Mac, Android and iOS, OneNote on the web, OneNote for Windows 10, or OneNote in volume licensed versions of Office.

Update channelVersionRelease date
Current Channel (Preview) Version 2304 First half of April 2023
Current Channel Version 2304 Second half of April 2023
Monthly Enterprise Channel Version 2304 June 13, 2023
Semi-Annual Enterprise Channel (Preview) Version 2308 September 12, 2023
Semi-Annual Enterprise Channel Version 2308 January 9, 2024

OneNote in retail versions of Office follows the Current Channel release data.

Summary
Microsoft will block 120 high-risk file extensions in OneNote
Article Name
Microsoft will block 120 high-risk file extensions in OneNote
Description
Microsoft will start blocking over 120 high-risk file extensions in OneNote to improve protections against ongoing abuse my threat actors.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. basingstoke said on March 31, 2023 at 6:23 pm
    Reply

    Okay that error message has “triggered” me, it’s the exact same crap as when Outlook 2007 stopped being supported, and the error message contained “your administrator…”. You can’t put the blame on IT departments for changes YOU make, Microsoft.

  2. John G. said on March 31, 2023 at 1:42 pm
    Reply

    Nice movement to increase security. This should be applied to more apps as soon as possible, blocking suspicious file extensions or common patterns of malware and so forth. Thanks for the article!

    1. Herman Cost said on March 31, 2023 at 4:00 pm
      Reply

      You might not think that when something you want but Microsoft does not like for whatever reason (you can be sure that they won’t tell you why they think the extension is risky) is blocked. I always want a straightforward option to override this kind of operating system action (saving the files to a local hard drive is an option that will only be available to the very few users who are aware that they can do this).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.