Two weeks ago, I wrote here in the community about OneNote files being used to spread malware via embedded executables.
Microsoft has announced that OneNote will be updated in April or May to make it harder for malware that attacks OneNote files to spread.
https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block
A total of 120 file extensions are blocked in OneNote and can no longer be opened and executed. The blocked extensions are the same as in the other Microsoft 365 programs, a list of affected extensions can be found here: https://support.microsoft.com/office/434752e1-02d3-4e90-9124-8b81e49a8519
You can open affected embedded files by saving them to your local computer and opening them from there. Just make sure that the sender is trustworthy and think twice before running unknown files!
The update will be applied to the Microsoft 365 version of OneNote and all supported versions of MS Office for retail (Office 2021, Office 2019 and Office 2016).
However, volume licensed versions (Office Standard 2019 or Office LTSC Professional Plus 2021) will not receive the update, nor will OneNote on the Web, OneNote for Windows 10, OneNote for Mac, and OneNote for Android.