Tuesday, 24 October 2017

Windows Defender Exploit Guard Protects Against DDE Attacks



With the launch of the Windows 10 Fall Creators Update, Microsoft has added new security measures to the operating system, which, among other things, protect against the DDE attack that has been in the news lately. The new security measures are called Microsoft Windows Defender Exploit Guard. It is a collection of features that should protect users from various threats.

One example is Controlled folder access, a feature that protects directories against ransomware. Only authorized applications get access to files in the specified folders. Unauthorized executable files, DLL files and scripts are denied access, even if they are running with administrative privileges. When ransomware tries to access files in the specified folders, Windows 10 shows a warning.

Attack Surface Reduction


Another feature is Attack Surface Reduction (ASR). This is a set of controls that allow organizations to prevent an attacker from infecting systems through email, scripts, or Microsoft Office. In the case of Microsoft Office, ASR can prevent apps from creating executable content or injecting themselves into a process. Macro code is also blocked. Another attack that ASR blocks is the one that goes through the Microsoft Office DDE feature, Microsoft has announced.

The Dynamic Data Exchange (DDE) feature of Microsoft Office makes it possible to insert data from, for example, an Excel document into a Word document. This adds code to one document that points to the data in the other document. Instead of a document, malicious code may also be linked. Attackers now use this feature in Word documents to infect internet users with ransomware and other malware. Windows Defender Exploit Guard can detect and stop this attack. Furthermore, the feature stops JavaScript, VBScript and PowerShell code, as well as executable content that arrives through email or webmail.
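The ASR controls and Controlled folder access described above can be rolled out in audit mode first and switched to blocking once the logs look clean. The script below is an added example, not taken from the original post or from Microsoft; the mapping of rule GUIDs to the behaviours named in the article and the `-Mode` parameter are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: audit-first rollout of Exploit Guard ASR rules and Controlled folder access.
# Assumes Windows 10 1709 or later with Windows Defender Antivirus as the active AV.
param(
    [ValidateSet('AuditMode', 'Enabled')]
    [string]$Mode = 'AuditMode'   # 'Enabled' means block
)

# Rule GUIDs from Microsoft's ASR documentation, keyed to the behaviours the article lists.
$rules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Office apps creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Office apps creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Office apps injecting code into other processes'
    '92E97FA1-2EDF-4770-BB5B-D6C97D3CCCC4' = 'Win32 API calls from Office macros'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Executable content from email client and webmail'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'JavaScript/VBScript launching downloaded executables'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Potentially obfuscated scripts'
}

# Add-MpPreference appends to the rule list; Set-MpPreference would overwrite it.
foreach ($id in $rules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions $Mode
}

# Controlled folder access accepts the same Enabled / AuditMode values.
Set-MpPreference -EnableControlledFolderAccess $Mode

# Read the configuration back: actions are stored as 0 (off), 1 (block), 2 (audit).
$actionName = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id = $pref.AttackSurfaceReductionRules_Ids[$i].ToUpper()
    [pscustomobject]@{
        Rule   = $rules[$id]   # empty for rules configured outside this script
        Id     = $id
        Action = $actionName[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
    }
}

# Recent hits: 1121/1122 = ASR block/audit, 1123/1124 = Controlled folder access block/audit.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122, 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Run it without arguments to audit, review the 1122 and 1124 events for legitimate software that would have been stopped, then rerun with `-Mode Enabled`.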

Exploitation Protection

Windows Defender Exploit Guard also provides protection against exploits. It replaces Microsoft's well-known Enhanced Mitigation Experience Toolkit (EMET). Like EMET, Exploit Guard gives the system additional protection against known and unknown exploits. The Fall Creators Update will remove EMET on Windows 10 computers if this tool is installed. EMET users can import their settings into Exploit Guard. The Fall Creators Update will be rolled out to Windows 10 in the coming months and can also be installed manually.
