Geekmaster 👽:system76:<p>⚠️ <a href="https://ioc.exchange/tags/MIcrosoftServiceHealth" class="mention hashtag" rel="tag">#<span>MIcrosoftServiceHealth</span></a> <a href="https://ioc.exchange/tags/Advisory" class="mention hashtag" rel="tag">#<span>Advisory</span></a> MO497128: For everyone who lost the use of their <a href="https://ioc.exchange/tags/MicrostfOffice" class="mention hashtag" rel="tag">#<span>MicrostfOffice</span></a> desktop apps today, it's because of an issue that Microsoft is dealing with, related directly to <a href="https://ioc.exchange/tags/Defender" class="mention hashtag" rel="tag">#<span>Defender</span></a> <a href="https://ioc.exchange/tags/AttackSurfaceReduction" class="mention hashtag" rel="tag">#<span>AttackSurfaceReduction</span></a>, or <a href="https://ioc.exchange/tags/ASR" class="mention hashtag" rel="tag">#<span>ASR</span></a> rules. Specifically: "Block Win32 API calls from Office Macros" with ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b. </p><p><a href="https://ioc.exchange/tags/Hotfix" class="mention hashtag" rel="tag">#<span>Hotfix</span></a>:<br />Admins can put the ASR rule into <a href="https://ioc.exchange/tags/Audit" class="mention hashtag" rel="tag">#<span>Audit</span></a> Mode to avoid further impact. Please note that you may need to re-enable the rule once the issue has been fully resolved. This can be done through one of the following methods:</p><p>- Using Powershell: Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions AuditMode</p><p>- Using Intune: <a href="https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#mem" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">learn.microsoft.com/en-us/micr</span><span class="invisible">osoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#mem</span></a> </p><p>- Using Group Policy: <a href="https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">learn.microsoft.com/en-us/micr</span><span class="invisible">osoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy</span></a> </p><p><a href="https://ioc.exchange/tags/TheMoreYouKnow" class="mention hashtag" rel="tag">#<span>TheMoreYouKnow</span></a> <a href="https://ioc.exchange/tags/SysAdmins" class="mention hashtag" rel="tag">#<span>SysAdmins</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.
Administered by:
Server stats:
1.4Kactive users
ioc.exchange: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#MicrostfOffice
0 posts · 0 participants · 0 posts today
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload