diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 84481ec609..ad413e8016 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -65,6 +65,14 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
 
 ## Attack surface reduction rules
 
+Windows 10, version 1803 has five new Attack surface reduction rules:
+
+- Block executable files from running unless they meet a prevalence, age, or trusted list criteria 
+- Use advanced protection against ransomware
+- Block credential stealing from the Windows local security authority subsystem (lsass.exe)
+- Block process creations originating from PSExec and WMI commands 
+- Block untrusted and unsigned processes that run from USB 
+
 The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table:
 
 Rule name | GUID