From 13677d4666aebdc1b40dcd0fff01dfe25e9f9f0e Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Wed, 1 Nov 2017 15:33:39 -0700 Subject: [PATCH 1/2] update office app types --- .../attack-surface-reduction-exploit-guard.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index a3bb50ab5b..3c6dc15b5e 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -22,6 +22,11 @@ ms.date: 08/25/2017 **Applies to:** - Windows 10, version 1709 +- Microsoft Office 365 +- Microsoft Office 2016 +- Microsoft Office 2013 +- Microsoft Office 2010 + @@ -47,7 +52,7 @@ The feature is comprised of a number of rules, each of which target specific beh - Executable files and scripts used in Office apps or web mail that attempt to download or run files - Scripts that are obfuscated or otherwise suspicious -- Behaviors that apps undertake that are not usually inititated during normal day-to-day work +- Behaviors that apps undertake that are not usually initiated during normal day-to-day work See the [Attack surface reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule. @@ -69,6 +74,15 @@ Block JavaScript or VBScript from launching downloaded executable content | D3E0 Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B +The rules apply to the following Office apps running on Windows 10, version 1709. See the **Applies to** section at the start of this topic for a list of supported Office version. + +Supported Office apps: +- Microsoft Word +- Microsoft Excel +- Microsoft PowerPoint +- Microsoft OneNote + +The rules do not apply to any other Office apps. ### Rule: Block executable content from email client and webmail From e5ab7e6c72403a90f05ffd43a07c90f98e9f9ea2 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 2 Nov 2017 14:02:19 -0700 Subject: [PATCH 2/2] version update --- .../attack-surface-reduction-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 3c6dc15b5e..5173d88d30 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -21,7 +21,7 @@ ms.date: 08/25/2017 **Applies to:** -- Windows 10, version 1709 +- Windows 10, version 1709 (and later) - Microsoft Office 365 - Microsoft Office 2016 - Microsoft Office 2013