Register Get Newsletter Plus Membership
  • Home
    • Newsletters/Alerts
    • Forums
    • About
    • MS-DEFCON System
    • Master Patch List
    • Register
    • Login
Microsoft Patch Defense Condition level 4 There are isolated problems with current patches, but they are well-known and documented on this site.
SIGN IN Not a member? REGISTER PLUS MEMBERSHIP
  • Attack surface reduction rule triggers a mess on Friday the 13

    Posted on January 13, 2023 at 09:00 CST by Susan Bradley • Comment in the Forums

    #Fridaythethirteenthmess

    Microsoft 365 Status on Twitter: “The revert is in progress and may take several hours to complete. We recommend placing the offending ASR rule into Audit Mode to prevent further impact until the deployment has completed. For more details and instructions, please follow the SI MO497128 in your admin center.” / Twitter

    If you set up the Attack surface reduction rule to check Office macros, you have woken up to missing shortcuts. It appears to have been triggered after a defender update. Note this will only occur IF you have attack surface reduction rule enabled. On machines where this is not set, no issues will be seen using Defender.  It is just those with ASR rules enabled.

    The specific rule causing this is

    Block Win32 API calls from Office macros

    Rule-ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b

    In Intune or group policy set the rule to audit if Microsoft hasn’t done it for you already.  Now how to deal with the missing shortcuts?

    Emin reports that “If you’ve volume shadow copy enabled, you can find these shorcuts in a VSS snapshot. I still use nowadays this code whenever I’ve to mount/dismount VSS snapshots. https://p0w3rsh3ll.wordpress.com/2014/06/21/mount-and-dismount-volume-shadow-copies/

    Alternatively you can get the shortcuts from Onedrive if the Desktop synchronization was enabled.

    Microsoft’s guidance here:

    I’ll also note this on the Master Patch list – but it’s NOT exactly patch related side effect.

    Windows Patches/Security Master Patch List, Patch Lady Posts
DON'T MISS OUT!
Subscribe to the AskWoody Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address
Thanks for subscribing!

Register
Lost your password?

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.


Get Plus!

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Search Newsletters

Search Forums

Advanced Search

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • All Forums
  • Search for Topics

    • Most popular topics
    • Topics with no replies
    • Recently active topics
    • New posts: Last day
    • New posts: Last three days
    • New posts: Last week
    • New posts: Last month
    • Topics with most replies
    • Latest topics

    Recent Topics

    • “Double” DHCP Advanced Router Settings: Is it an issue? by Mike
      6 minutes ago
    • Domain Controllers Patching by amidieus
      4 hours, 31 minutes ago
    • Alexa and Smart Plugs by WSjcgc50
      3 hours, 10 minutes ago
    • Meta Services an Android App or not? by Douglas
      1 minute ago
    • Ubuntu Pro enters general availability by Alex5723
      5 hours, 55 minutes ago
    • UTM 4.1.5 : Run Windows on your Mac for free with this virtualisation tool by Alex5723
      5 hours, 49 minutes ago
    • Windows 11 Insider Preview Build 22621.1245 and 22623.1245 released to BETA by joep517
      6 hours, 25 minutes ago
    • Hive ransomware taken down by Susan Bradley
      1 hour, 2 minutes ago
    • In what universe does it take 24 hours to ‘unfreeze’ files? by Rick Corbett
      4 hours, 46 minutes ago
    • Windows 10 S Mode Installation by R-Type
      11 hours, 2 minutes ago
    • Samsung Galaxy A72 Stuck in Airplane Mode by Alex5723
      2 hours, 7 minutes ago
    • Zacks Investment Research data breach affects 820,000 clients by Nibbled To Death By Ducks
      17 hours, 51 minutes ago
    • Group Taskbar Icons Using Separators by Carol Hornung
      22 hours, 57 minutes ago
    • File Explorer Library by Al Lauck
      20 hours, 41 minutes ago
    • Windows 11 Insider Preview build 25284 released to DEV by joep517
      1 day, 1 hour ago
    • Bitlocker request on boot. by Paul Kruse
      16 hours, 2 minutes ago
    • Preserving downloaded software to CDs by Kathy Stevens
      4 hours, 52 minutes ago
    • AT&T Router “Can’t connect to this network” by Drcard:))
      16 hours, 12 minutes ago
    • Specific update needed from MS for all in one printer. by Black Penquin
      1 day, 2 hours ago
    • Safe to install KB5022476 to a newly built Win 10 Pro 21H2 laptop? by Eddieloh
      1 day, 7 hours ago
    • Hands of Doomsday Clock moved 10 seconds forward because of war in Ukraine by Alex5723
      1 day, 14 hours ago
    • Microsoft faces global outage: Outlook, Teams crash for millions of users by Alex5723
      1 day, 13 hours ago
    • Wine 8.0 Released by Alex5723
      1 day, 16 hours ago
    • OpenCore 6.0. Run macOS Ventura on unsupported Macs by Alex5723
      1 day, 17 hours ago
    • Has anyone tried Epyrus Email? by vandermeer
      2 days, 1 hour ago
    • Would DoubleClick being an Alphabet company fool anyone? by bbearren
      1 day, 11 hours ago
    • Five Very Popular Linux Distros That Are Now DEAD! by Alex5723
      1 day, 6 hours ago
    • Chrome User Agent suddenly showing Windows 10 instead of 7 by Moonbear
      1 day, 2 hours ago
    • Netrunner 23 “Vaporwave” by Alex5723
      2 days, 3 hours ago
    • regedit key search by berniec
      1 day, 13 hours ago

    Recent blog posts

    • MS-DEFCON 4: Patching weather is clearing
    • “What can I use my old computers for?”
    • Is the woman in this video real or a deepfake? Now find out.
    • Get started, but stay original, with Microsoft Designer
    • Microsoft to lay off 10,000 workers
    • When is the right time to buy a Windows 11 computer?
    • Group policy is cool but….
    • How to set up a local account in any edition of Windows 11

    My Profile

    Login and Registration

    • Log In
    • Register

    Key Links

    • > Computerworld's The Microsoft Patch Lady
    • > Computerworld's Woody on Windows
    • AskWoody Knowledge Base index
    • Brian's Muscular Portfolios newsletter
    • Gift subscription for Ask Woody Newsletter
    • Microsoft Answers Forum
    • Tasks for the Weekend YouTube Channel
    January 2023
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  
    « Dec    

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home • About • FAQ • Posts & Privacy • Forums • My Account
    Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.