Disable DDEAUTO for Microsoft Word, Excel, Outlook, versions 2010, 2013, 2016 Appears to block known DDE attacks.https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b …
-
Show this thread
-
The Windows 10 ASR feature (set D4F940AB-401B-4EFC-AADC-AD5F3C50688A to 1) also blocks attacks across the board. https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction …pic.twitter.com/uemBS2WmiK
1 reply 18 retweets 33 likesShow this thread -
Except apparently ASR doesn't apply towards Outlook! The Outlook vector that
@GossiTheDog described still works with ASR enabled. Sigh...pic.twitter.com/yVl1QajRkv
2 replies 8 retweets 22 likesShow this thread -
-
Replying to @GossiTheDog
Probably because people need the ability to open email attachments?
1 reply 0 retweets 1 like -
-
Replying to @GossiTheDog
Actually, it hasn't been a separate process since Office 2003. And even then, it was via DCOM. I still blame email attachments as the reasonpic.twitter.com/RAUkYhCdjJ
1 reply 0 retweets 0 likes -
Replying to @wdormann
It spawns it for RTF emails I believe, for OLE and DDE
1 reply 0 retweets 0 likes -
Replying to @GossiTheDog
If it's not a child process, I don't think that the ASR option would come in to play. If winword.exe is spawned, it's via DCOM, so not childpic.twitter.com/IL0yYzXGmY
1 reply 0 retweets 1 like
The only time I've seen Outlook newer than 2003 actually spawn winword.exe is if I embed a new OLE Word doc. And even then, it's via DCOM.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.