Attack Surface Reduction rules to abide by: Implementing Attack Surface Reduction rules can greatly limit the scope and impact of most malicious macros. If you’ve completely disabled macros in your organization, then ASR rules are not needed. But if you still rely on macros, the following rules are worth setting:
- Block all Office applications from creating child processes
- Block execution of potentially obfuscated scripts
- Block JavaScript or VBScript from launching downloaded executable content
- Block Office applications from creating executable content
- Block Office communication application from creating child processes
- Block Win32 API calls from Office macros
- Use advanced protection against ransomware
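
An added example (not from the original article): a PowerShell check that reports how the seven rules above are set on a Windows machine running Microsoft Defender, using Microsoft's documented rule GUIDs. The `-Remediate` switch and the audit-first default are this example's own choices.

```powershell
# Added example: report the local state of the seven ASR rules listed above.
# Rule GUIDs are Microsoft's documented IDs; -Remediate and the AuditMode
# default are choices of this example. Changing rules needs an elevated shell.
param(
    [switch]$Remediate,
    [ValidateSet('AuditMode', 'Enabled')]
    [string]$Mode = 'AuditMode'
)

$rules = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office applications from creating executable content'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication application from creating child processes'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
}
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Get-MpPreference returns rule IDs and actions as two parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$current = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) { $current[$ids[$i].ToLower()] = [int]$actions[$i] }
}

$report = foreach ($id in $rules.Keys) {
    $state = 'Not configured'
    if ($current.ContainsKey($id)) {
        $state = $actionNames[$current[$id]]
        if (-not $state) { $state = "Unknown ($($current[$id]))" }
    }
    [pscustomobject]@{ State = $state; Rule = $rules[$id]; Id = $id }
}
$report | Format-Table -AutoSize -Wrap

# Only touch rules with no setting, so deliberate exclusions are left alone.
if ($Remediate) {
    $report | Where-Object State -eq 'Not configured' | ForEach-Object {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $_.Id `
                         -AttackSurfaceReductionRules_Actions $Mode
    }
}
```

Running rules in audit mode first lets you review what they would have blocked (event ID 1122 in the Windows Defender operational log) before switching them to block.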
Safeguarding against malicious macros on macOS: Office on macOS also offers tools to better protect against malicious macros. For example, macOS uses the platform’s sandbox to limit the damage caused by a malicious document. But don’t be complacent on the Mac platform. Attackers realize we are moving more and more to a blended network of connected Windows and Mac devices. Ensure you also perform due diligence on Apple’s platform to better protect your organization from malicious activity. Here, you can deploy preferences for Office for Mac to better protect your network. The preferences you’ll want to set include:
- Disable the VBA object model
- Disable Visual Basic system bindings
- Enable disabling Visual Basic external library bindings
- Enable disabling Visual Basic pipe bindings
- Enable disabling Visual Basic invoking AppleScript

No matter what platform you decide to migrate to, ensure you review the business impact and the security impact on your organization. Migrations due to end-of-life decisions are impactful in more ways than most organizations anticipate.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4016345/end-of-life-for-microsoft-office-puts-malicious-macros-in-the-security-spotlight.html

