|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Attack surface reduction rule triggers a mess on Friday the 13
#Fridaythethirteenthmess
If you set up the Attack surface reduction rule to check Office macros, you have woken up to missing shortcuts. It appears to have been triggered after a defender update. Note this will only occur IF you have attack surface reduction rule enabled. On machines where this is not set, no issues will be seen using Defender. It is just those with ASR rules enabled.
The specific rule causing this is
Block Win32 API calls from Office macros
Rule-ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b
In Intune or group policy set the rule to audit if Microsoft hasn’t done it for you already. Now how to deal with the missing shortcuts?
Emin reports that “If you’ve volume shadow copy enabled, you can find these shorcuts in a VSS snapshot. I still use nowadays this code whenever I’ve to mount/dismount VSS snapshots. https://p0w3rsh3ll.wordpress.com/2014/06/21/mount-and-dismount-volume-shadow-copies/
Alternatively you can get the shortcuts from Onedrive if the Desktop synchronization was enabled.
Microsoft’s guidance here:
I’ll also note this on the Master Patch list – but it’s NOT exactly patch related side effect.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Apple zero days out – September 2023
by 3 minutes ago
-
No shortcuts to files on Taskbar in Win11
by 3 hours, 20 minutes ago
-
“New” Google Sites vs Network Solutions: domain resolution
by 7 hours, 38 minutes ago
-
Topic: Privacy Report on Modern Cars
by 1 hour, 31 minutes ago
-
Microsoft’s massive Windows 11 update, featuring Copilot AI, begins rolling out
by 8 hours, 58 minutes ago
-
MailStore Home updates
by 22 hours, 43 minutes ago
-
T-Mobile users say they see other people’s account information
by 1 day, 9 hours ago
-
Retirement of Exchange Web Services in Exchange Online
by 1 day, 22 hours ago
-
What Remote Desktop credentials do I use to access a MS Account computer
by 11 hours, 27 minutes ago
-
Office 2003 Compatibility with One Drive in Windows 11
by 2 days, 9 hours ago
-
Has KB5030219 been pulled for Windows 11 Pro for Workstations?
by 11 hours, 42 minutes ago
-
By default encryption on Apple
by 2 days, 2 hours ago
-
KB5029331 Macrium/Reflect
by 2 days, 3 hours ago
-
Windows 10 Build 19045.3513 (22H2) to Release Preview Channel
by 2 days, 14 hours ago
-
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
by 2 days ago
-
Change CPU/Mainboard without reinstallation of OS and Apps – Win10
by 2 days, 5 hours ago
-
Mouse slows to crawl if Edge in focus
by 3 days, 10 hours ago
-
Windows and Surface chief Panos Panay is leaving Microsoft
by 2 days, 23 hours ago
-
Essential Office Portable
by 3 days, 12 hours ago
-
Essential Office: Disable Spell Check
by 3 days, 12 hours ago
-
Apple 2030
by 1 day, 10 hours ago
-
Wi-Fi 7? Why not!
by 9 hours, 35 minutes ago
-
Second city — the AI view from Washington
by 3 days, 20 hours ago
-
Zeroing in on zero days
by 2 days, 6 hours ago
-
LMDE – Software Update
by 1 day, 11 hours ago
-
MacAfee anti virus left overs
by 1 day, 6 hours ago
-
Google issues update for Chrome 109 (Win 7 – Server 2012r2) that fixes WebP
by 10 hours, 59 minutes ago
-
Microsoft apparently canning P2P Win32 services on Windows 11 23H2, Windows 12
by 7 hours, 21 minutes ago
-
Inserting from clipboard into posting
by 4 days, 6 hours ago
-
Background picture not invoked @ startup
by 2 days, 9 hours ago
