Blog

Don't Let The Recent OneNote Exploit Threaten Your Cybersecurity

Don’t Let The Recent OneNote Exploit Threaten Your Cybersecurity

Chris Riani, CISSP & CMMC Registered Practioner|Feb 10, 2023|

We have noticed that malware threat actors have found an exploit within OneNote and we’ve observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments.

 Unlike malicious Word and Excel files, OneNote malware and the associated infected files do not require the security prompt asking the end-user to allow macros, thus increasing the chances of unknowingly running the malicious executable.

 What you can do

 This vulnerability can be addressed by configuring your email to block these potentially malicious OneNote attachments – notably those with .one file extensions- and will only take a few minutes to apply this fix.

Here are more details about the issue.

As always, if you’re an existing TSI client, please don’t hesitate to reach out to your Account Manager at any time to help apply this fix or to learn more about this vulnerability- we’re here to help!  If you’re not currently a TSI client, please share this security update with your IT support team or reach out to us at any time using the contact information below. Thank you for taking the time to read our notification and we look forward to providing any further updates as they arise.

Get in Touch with TSI

For more information on Microsoft’s CVE 2022 - 30190 MDST vulnerability or If you have any questions or concerns, please do not hesitate to give us a call at 508-543-6979 or send us a message here to get started.

get in touch
Go back to all posts

Categories

Cyber Security Policy Starter Kit:

10 Critical Policies That Every Company Should Have in Place

cyber-security-policy-starter-kit-img
Download Now