
Windows 10 has a security feature called “Controlled Folder Access” (CFA), which is supposed to be a reliable anti-ransomware defensive measure. However, a security researcher recently found a way to bypass it.

Computers running the Windows 10 Fall Creators Update received an update for Windows Defender called “Controlled Folder Access” that is designed to block modifications to files found in user-designated directories. This feature is built into Windows 10 within the Windows Defender antivirus. This means that before an application can change files located in the CFA folders, the user must manually approve it: the application needs to be part of a white-list, which is managed via the “Allow an app through Controlled folder access” option.

Ransomware can use Office OLE objects to bypass CFA

This security feature was thought to be pretty secure until Yago Jesus, a Spanish security researcher with SecurityByDefault, discovered that Microsoft has automatically white-listed all Office apps on this list. This means that Office apps can modify files located in a CFA folder, whether the user likes it or not. According to him, a ransomware developer can easily get around this security feature.
