Microsoft has announced that it will harden the OneNote application against phishing attacks due to ongoing phishing campaigns.

The company will block 120 high-risk file extensions once the new OneNote security improvements roll out, reports BleepingComputer.

Microsoft said the update will be implemented in the Current Channel (Preview) of OneNote for Microsoft 365 on Windows devices between late April and late May 2023.

Moreover, it also mentioned that it will align the files considered dangerous and blocked in OneNote with those blocked by Outlook, Word, Excel, and PowerPoint, according to the report.

Buy Me A Coffee

Previously, OneNote cautioned users that opening attachments could harm their data but still allowed them to open embedded files labeled as dangerous.

However, once the security enhancement is implemented, users will no longer be able to open files with dangerous extensions, the report said.

Users will now be shown a warning dialogue when a file gets blocked: “Your administrator has blocked your ability to open this file type in OneNote”.

Since mid-December 2022, hackers have been spreading malware using OneNote attachments in phishing emails, infecting victims using remote access malware that can be used to install additional malware, steal passwords, or even cryptocurrency wallets.

For years, attackers have distributed malware in emails via malicious Word and Excel attachments that launch macros to download and install malware.

Microsoft Regains Title of World's Most Valuable Company as Nvidia Shares Dip