Geekmaster 👽:system76:<p>⚠️ <a href="https://ioc.exchange/tags/MIcrosoftServiceHealth" class="mention hashtag" rel="tag">#<span>MIcrosoftServiceHealth</span></a> <a href="https://ioc.exchange/tags/Advisory" class="mention hashtag" rel="tag">#<span>Advisory</span></a> MO497128: For everyone who lost the use of their <a href="https://ioc.exchange/tags/MicrostfOffice" class="mention hashtag" rel="tag">#<span>MicrostfOffice</span></a> desktop apps today, it's because of an issue that Microsoft is dealing with, related directly to <a href="https://ioc.exchange/tags/Defender" class="mention hashtag" rel="tag">#<span>Defender</span></a> <a href="https://ioc.exchange/tags/AttackSurfaceReduction" class="mention hashtag" rel="tag">#<span>AttackSurfaceReduction</span></a>, or <a href="https://ioc.exchange/tags/ASR" class="mention hashtag" rel="tag">#<span>ASR</span></a> rules. Specifically: "Block Win32 API calls from Office Macros" with ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b. </p><p><a href="https://ioc.exchange/tags/Hotfix" class="mention hashtag" rel="tag">#<span>Hotfix</span></a>:<br />Admins can put the ASR rule into <a href="https://ioc.exchange/tags/Audit" class="mention hashtag" rel="tag">#<span>Audit</span></a> Mode to avoid further impact. Please note that you may need to re-enable the rule once the issue has been fully resolved. 
This can be done through one of the following methods:</p><p>- Using PowerShell: Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions AuditMode</p><p>- Using Intune: <a href="https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#mem" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">learn.microsoft.com/en-us/micr</span><span class="invisible">osoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#mem</span></a> </p><p>- Using Group Policy: <a href="https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">learn.microsoft.com/en-us/micr</span><span class="invisible">osoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy</span></a> </p><p><a href="https://ioc.exchange/tags/TheMoreYouKnow" class="mention hashtag" rel="tag">#<span>TheMoreYouKnow</span></a> <a href="https://ioc.exchange/tags/SysAdmins" class="mention hashtag" rel="tag">#<span>SysAdmins</span></a></p>
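<p>An added example, not part of the original post or of Microsoft's advisory: a PowerShell script for the local method above that records the rule's current action before switching it to Audit Mode, verifies the change, and can restore the saved action once the issue is resolved. The <code>-Restore</code> switch and the state file path are hypothetical choices made for this example.</p>

```powershell
#Requires -RunAsAdministrator
# Added example, not from the post. $StateFile is a hypothetical location.
param([switch]$Restore)

$RuleId    = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'  # rule ID quoted in the post
$StateFile = Join-Path $env:ProgramData 'asr-MO497128-previous-action.txt'
$Names     = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-AsrRuleAction([string]$Id) {
    # Get-MpPreference exposes rule IDs and actions as two parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            $name = $Names[[int]$actions[$i]]
            if ($name) { return $name } else { return "Unknown($($actions[$i]))" }
        }
    }
    return 'NotConfigured'
}

function Set-AsrRuleAction([string]$Id, [string]$Action) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $Id `
                     -AttackSurfaceReductionRules_Actions $Action
    # Re-read the effective setting instead of trusting the call succeeded.
    $now = Get-AsrRuleAction $Id
    if ($now -ne $Action) { throw "Rule is '$now', expected '$Action' (policy-managed?)" }
    "Rule $Id is now $now"
}

$current = Get-AsrRuleAction $RuleId
if ($Restore) {
    if (-not (Test-Path $StateFile)) { throw "No saved state at $StateFile" }
    Set-AsrRuleAction $RuleId (Get-Content $StateFile -TotalCount 1).Trim()
    Remove-Item $StateFile
} elseif ($current -in 'Enabled', 'Warn') {
    Set-Content -Path $StateFile -Value $current   # remember what to restore
    Set-AsrRuleAction $RuleId 'AuditMode'
} else {
    "Rule is '$current'; nothing to change."
}
```

<p>Run it without arguments to apply the workaround and with <code>-Restore</code> once the advisory is closed. If the rule is delivered by Intune or Group Policy, change it there using the links in the post.</p>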