This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.
Attack surface reduction rules help prevent malware from infecting computers with malicious code. Some of these rules aim to reduce your attack surface while you’re using Office applications. You can read about the full list here: Reduce attack surfaces with attack surface reduction rules.
We’re extending a few of these rules to include Office Centennial (the version of Office that comes through the Microsoft Store).
- Block all Office applications from creating child processes
- Block Office communication application from creating child processes
No action is required if you are already running Office Centennial and have any of these rules enabled in either audit or block mode. We’ll be doing a gradual rollout managed via our cloud. You shouldn’t see any change in your environments if you are not running Office Centennial.
The following rules are already enabled for Office Centennial:
- Block Win32 API calls from Office macro
- Block Office applications from creating executable content
You can see how these rules work right now by reading our previous blog post on how to configure, evaluate, and deploy the new rules, and you can go through the evaluation guide on the Windows Defender ATP test ground at https://demo.wd.microsoft.com.