Blocks all Office applications from creating child processes.
It’s time for another Office zero-day vulnerability. It has been seen actively exploited at various locations in the run-up to the NATO summit. Once again there is a way to specially craft an Office document so that it triggers remote code execution when the document is opened, and such attachments can be expected to be in circulation. Although this vulnerability has not been patched yet, there are ways to protect yourself and those you know who love opening mysterious attachments.
If you’re running Defender for Office and blocking child processes, you’re safe, but the combination of these two features prevents your code from running properly. If you don’t have that option, use the registry to add a number of exe files to a key that prevents child processes from starting. This can be quite problematic for some people, as they may want PowerPoint to be able to communicate with Excel and Graph.
A list of programs to add and more information is available at Bleeping Computer.
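The following PowerShell is an added example, not taken from the original post or from Bleeping Computer. It reports the state of the "Block all Office applications from creating child processes" attack surface reduction rule, lists recent audit or block events for it, and can switch the rule on. It assumes Microsoft Defender Antivirus is the active antivirus and that the session is elevated; the function names are hypothetical, and the GUID is the one Microsoft documents for this rule.

```powershell
# Added example: check, audit and enable the Office child-process ASR rule.
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # documented GUID for this rule
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeChildProcessRuleState {
    # Ids and Actions are parallel arrays in the Defender preferences.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $code = [int]$actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown ($code)"
        }
    }
    return 'NotConfigured'
}

function Get-OfficeChildProcessRuleHits {
    param([int]$Days = 7)
    # Event 1121 = rule blocked something, 1122 = rule would have blocked (audit).
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $RuleId } |
        Select-Object TimeCreated, Id, Message
}

function Set-OfficeChildProcessRule {
    param(
        [ValidateSet('Enabled', 'AuditMode', 'Warn', 'Disabled')]
        [string]$Action = 'AuditMode'
    )
    # Add-MpPreference leaves the other configured ASR rules in place.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions $Action
}

$state = Get-OfficeChildProcessRuleState
Write-Output "Office child-process ASR rule state: $state"
if ($state -in 'NotConfigured', 'Disabled') {
    Set-OfficeChildProcessRule -Action AuditMode   # observe first, enforce later
}
Get-OfficeChildProcessRuleHits -Days 7 | Format-List
```

Running the rule in audit mode for a few days shows which legitimate Office-to-Office launches would be stopped before you switch to `Set-OfficeChildProcessRule -Action Enabled`.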