|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Attack surface reduction rule triggers a mess on Friday the 13
#Fridaythethirteenthmess
If you set up the Attack surface reduction rule to check Office macros, you have woken up to missing shortcuts. It appears to have been triggered after a defender update. Note this will only occur IF you have attack surface reduction rule enabled. On machines where this is not set, no issues will be seen using Defender. It is just those with ASR rules enabled.
The specific rule causing this is
Block Win32 API calls from Office macros
Rule-ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b
In Intune or group policy set the rule to audit if Microsoft hasn’t done it for you already. Now how to deal with the missing shortcuts?
Emin reports that “If you’ve volume shadow copy enabled, you can find these shorcuts in a VSS snapshot. I still use nowadays this code whenever I’ve to mount/dismount VSS snapshots. https://p0w3rsh3ll.wordpress.com/2014/06/21/mount-and-dismount-volume-shadow-copies/
Alternatively you can get the shortcuts from Onedrive if the Desktop synchronization was enabled.
Microsoft’s guidance here:
I’ll also note this on the Master Patch list – but it’s NOT exactly patch related side effect.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
“Double” DHCP Advanced Router Settings: Is it an issue?
by 6 minutes ago
-
Domain Controllers Patching
by 4 hours, 31 minutes ago
-
Alexa and Smart Plugs
by 3 hours, 10 minutes ago
-
Meta Services an Android App or not?
by 1 minute ago
-
Ubuntu Pro enters general availability
by 5 hours, 55 minutes ago
-
UTM 4.1.5 : Run Windows on your Mac for free with this virtualisation tool
by 5 hours, 49 minutes ago
-
Windows 11 Insider Preview Build 22621.1245 and 22623.1245 released to BETA
by 6 hours, 25 minutes ago
-
Hive ransomware taken down
by 1 hour, 2 minutes ago
-
In what universe does it take 24 hours to ‘unfreeze’ files?
by 4 hours, 46 minutes ago
-
Windows 10 S Mode Installation
by 11 hours, 2 minutes ago
-
Samsung Galaxy A72 Stuck in Airplane Mode
by 2 hours, 7 minutes ago
-
Zacks Investment Research data breach affects 820,000 clients
by 17 hours, 51 minutes ago
-
Group Taskbar Icons Using Separators
by 22 hours, 57 minutes ago
-
File Explorer Library
by 20 hours, 41 minutes ago
-
Windows 11 Insider Preview build 25284 released to DEV
by 1 day, 1 hour ago
-
Bitlocker request on boot.
by 16 hours, 2 minutes ago
-
Preserving downloaded software to CDs
by 4 hours, 52 minutes ago
-
AT&T Router “Can’t connect to this network”
by 16 hours, 12 minutes ago
-
Specific update needed from MS for all in one printer.
by 1 day, 2 hours ago
-
Safe to install KB5022476 to a newly built Win 10 Pro 21H2 laptop?
by 1 day, 7 hours ago
-
Hands of Doomsday Clock moved 10 seconds forward because of war in Ukraine
by 1 day, 14 hours ago
-
Microsoft faces global outage: Outlook, Teams crash for millions of users
by 1 day, 13 hours ago
-
Wine 8.0 Released
by 1 day, 16 hours ago
-
OpenCore 6.0. Run macOS Ventura on unsupported Macs
by 1 day, 17 hours ago
-
Has anyone tried Epyrus Email?
by 2 days, 1 hour ago
-
Would DoubleClick being an Alphabet company fool anyone?
by 1 day, 11 hours ago
-
Five Very Popular Linux Distros That Are Now DEAD!
by 1 day, 6 hours ago
-
Chrome User Agent suddenly showing Windows 10 instead of 7
by 1 day, 2 hours ago
-
Netrunner 23 “Vaporwave”
by 2 days, 3 hours ago
-
regedit key search
by 1 day, 13 hours ago
