Blog

Don’t Let The Recent OneNote Exploit Threaten Your Cybersecurity
We have noticed that malware threat actors have found an exploit within OneNote and we’ve observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments.
Unlike malicious Word and Excel files, OneNote malware and the associated infected files do not require the security prompt asking the end-user to allow macros, thus increasing the chances of unknowingly running the malicious executable.
What you can do
This vulnerability can be addressed by configuring your email to block these potentially malicious OneNote attachments – notably those with .one file extensions- and will only take a few minutes to apply this fix.
Here are more details about the issue.
As always, if you’re an existing TSI client, please don’t hesitate to reach out to your Account Manager at any time to help apply this fix or to learn more about this vulnerability- we’re here to help! If you’re not currently a TSI client, please share this security update with your IT support team or reach out to us at any time using the contact information below. Thank you for taking the time to read our notification and we look forward to providing any further updates as they arise.
Get in Touch with TSI
For more information on Microsoft’s CVE 2022 - 30190 MDST vulnerability or If you have any questions or concerns, please do not hesitate to give us a call at 508-543-6979 or send us a message here to get started.

Cybersecurity and Compliance Manager
Chris Riani joined TSI in 2021, and currently serves as our Cybersecurity and Compliance Manager. Chris has over a decade of experience in IT, with most of his time spent managing and protecting critical IT environments within the DoD and the private sector. A ten-year Air Force Veteran, his background includes Application Administration, Networking, and Systems Design, as well as Virtualization and Cloud Security.
Chris is a graduate of Champlain College in Vermont, where he studied a wide variety of technology and security focused topics. He holds numerous IT and security certifications, such as CompTIA’s CASP+ and is also a CISSP. It comes as no surprise that Chris’s true passion is bridging the gap between operational IT requirements and information security.
Outside of work, Chris enjoys coaching soccer, spending time with his family, and playing the guitar.
Categories
Cyber Security Policy Starter Kit:
10 Critical Policies That Every Company Should Have in Place
