Disabling a number of "features" exposed by Windows, Office and Adobe Reader applications simply reduces the attack surface.
Common Exploit Mitigations

Generic Windows Features

1. Disable Windows Script Host. Windows Script Host allows the execution of VBScript and JavaScript files on Windows operating systems. This is very commonly used by regular malware (such as ransomware) as well as targeted malware.

2. Disable AutoRun and AutoPlay. Disables AutoRun / AutoPlay for all devices. For example, this should prevent applications from automatically executing when you plug a USB stick into your computer.

3. Disable PowerShell and cmd.exe execution via Windows Explorer. Disables powershell.exe, powershell_ise.exe and cmd.exe execution via Windows Explorer. You will not be able to use the terminal, and it should prevent the use of PowerShell by malicious code trying to infect the system.

4. Set User Account Control (UAC) to always ask for permission (even when only configuration changes are made) and to use the "secure desktop".
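The four Generic Windows mitigations above all come down to registry policy values. The script below is an added example (not code from the original post or from any tool it may describe) that applies them with PowerShell and keeps a rollback record of the previous values. The registry paths and values are the standard Windows policy locations; the location of the rollback file is an assumption.

```powershell
# Added example: apply the "Generic Windows Features" mitigations as registry
# policies and record the previous values so they can be restored.
# Run from an elevated PowerShell; the HKLM entries require administrator rights.
#Requires -RunAsAdministrator

$BackupFile = Join-Path $env:USERPROFILE 'hardening-rollback.json'   # assumed location

# Each entry: registry path, value name, desired value, value type.
$Mitigations = @(
    # 1. Windows Script Host: Enabled=0 stops wscript.exe/cscript.exe running .vbs/.js files
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'; Name='Enabled'; Value=0; Type='DWord' }
    @{ Path='HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'; Name='Enabled'; Value=0; Type='DWord' }
    # 2. AutoRun / AutoPlay: 0xFF (255) disables AutoRun for every drive type
    @{ Path='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoDriveTypeAutoRun'; Value=255; Type='DWord' }
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoDriveTypeAutoRun'; Value=255; Type='DWord' }
    # 3a. cmd.exe: DisableCMD=2 blocks both the interactive prompt and batch files
    @{ Path='HKCU:\SOFTWARE\Policies\Microsoft\Windows\System'; Name='DisableCMD'; Value=2; Type='DWord' }
    # 3b. powershell.exe / powershell_ise.exe launched via Explorer:
    #     the "Don't run specified Windows applications" policy (DisallowRun list)
    @{ Path='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='DisallowRun'; Value=1; Type='DWord' }
    @{ Path='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; Name='1'; Value='powershell.exe'; Type='String' }
    @{ Path='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; Name='2'; Value='powershell_ise.exe'; Type='String' }
    # 4. UAC "Always notify": 2 = prompt for consent on the secure desktop,
    #    PromptOnSecureDesktop=1 dims the screen so the prompt cannot be spoofed
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='ConsentPromptBehaviorAdmin'; Value=2; Type='DWord' }
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='PromptOnSecureDesktop'; Value=1; Type='DWord' }
)

function Set-HardeningValue {
    param([hashtable]$Entry)
    # Create the key if it does not exist yet (policy keys are often absent by default).
    if (-not (Test-Path $Entry.Path)) { New-Item -Path $Entry.Path -Force | Out-Null }
    # Capture the previous value ($null when the value was not set) for rollback.
    $old = (Get-ItemProperty -Path $Entry.Path -Name $Entry.Name -ErrorAction SilentlyContinue).($Entry.Name)
    Set-ItemProperty -Path $Entry.Path -Name $Entry.Name -Value $Entry.Value -Type $Entry.Type
    [pscustomobject]@{ Path = $Entry.Path; Name = $Entry.Name; Old = $old; New = $Entry.Value }
}

$changes = foreach ($m in $Mitigations) { Set-HardeningValue -Entry $m }
$changes | ConvertTo-Json | Set-Content -Path $BackupFile
$changes | Format-Table -AutoSize
Write-Host "Rollback record written to $BackupFile. Log off and on again for the Explorer policies to take effect."
```

The DisallowRun list only blocks programs started through Explorer (Start menu, Run dialog, double-click); a PowerShell session that is already open, including the one running this script, is unaffected, which is why the rollback record is written before the change is tested with a fresh logon.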
Microsoft Office

1. Disable Macros. Macros are at times used by Microsoft Office users to script and automate certain activities, especially calculations with Microsoft Excel. However, macros are currently a security plague, and they are widely used as a vehicle for compromise. The "Enable this Content" notification for macro documents is disabled too, to prevent users from being tricked.

2. Disable OLE object execution. Microsoft Office applications are able to embed so-called "OLE objects" and execute them, at times also automatically (for example through PowerPoint animations). Windows executables, such as spyware, can also be embedded and executed as an object. This is also a security disaster which we observed used time and time again, particularly in attacks against activists in repressed regions.

3. Disable ActiveX. Disables ActiveX controls for all Office applications.
Acrobat Reader

1. Disable JavaScript in PDF documents. Acrobat Reader allows JavaScript code to be executed from within PDF documents. This is widely abused for exploitation and malicious activity.

2. Disable execution of objects embedded in PDF documents. Acrobat Reader also allows embedded objects to be executed by opening them. This would normally raise a security alert, but given that legitimate uses of this are rare and limited,
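The Office and Acrobat Reader mitigations above are per-user application preferences rather than system policies, so a useful companion to applying them is an audit that reports which of them are actually in place on a machine. The script below is an added example (not code from the original post or from any tool it may describe) that checks the current user's settings without changing anything. It assumes Acrobat Reader DC (whose preferences live under `HKCU\Software\Adobe\Acrobat Reader\DC`) and discovers the installed Office versions from the per-version keys under `HKCU\Software\Microsoft\Office`.

```powershell
# Added example: audit the Office and Acrobat Reader mitigations for the
# current user and report compliance. Read-only; nothing is modified.

$OfficeApps = 'Word', 'Excel', 'PowerPoint'

# Per-application Office trust-center values:
#   VBAWarnings=4    "disable all macros without notification" (no "Enable Content" bar)
#   PackagerPrompt=2 OLE packager objects are blocked without prompting
$OfficeChecks = @(
    @{ Sub='Security'; Name='VBAWarnings';    Expect=4; What='Macros disabled without notification' }
    @{ Sub='Security'; Name='PackagerPrompt'; Expect=2; What='OLE package activation blocked' }
)

# Values that apply once, not per application.
$CommonChecks = @(
    @{ Path='HKCU:\Software\Microsoft\Office\Common\Security'; Name='DisableAllActiveX'; Expect=1; What='ActiveX controls disabled (all Office apps)' }
    @{ Path='HKCU:\Software\Adobe\Acrobat Reader\DC\JSPrefs';   Name='bEnableJS';        Expect=0; What='Acrobat JavaScript disabled' }
    @{ Path='HKCU:\Software\Adobe\Acrobat Reader\DC\Originals'; Name='bAllowOpenFile';   Expect=0; What='Acrobat embedded object launch disabled' }
)

function Test-RegValue {
    param([string]$Path, [string]$Name, $Expect, [string]$What)
    # A missing key or value is reported as "(not set)" and counts as non-compliant,
    # since the application default for each of these settings is the permissive one.
    $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $shown = if ($null -eq $actual) { '(not set)' } else { $actual }
    [pscustomobject]@{
        Mitigation = $What
        Location   = "$Path\$Name"
        Expected   = $Expect
        Actual     = $shown
        Compliant  = ($actual -eq $Expect)
    }
}

function Get-HardeningReport {
    # Office keeps per-version keys such as 16.0; audit every version present.
    $versions = Get-ChildItem 'HKCU:\Software\Microsoft\Office' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
        Select-Object -ExpandProperty PSChildName
    foreach ($v in $versions) {
        foreach ($app in $OfficeApps) {
            foreach ($c in $OfficeChecks) {
                Test-RegValue -Path "HKCU:\Software\Microsoft\Office\$v\$app\$($c.Sub)" `
                              -Name $c.Name -Expect $c.Expect -What "$app ${v}: $($c.What)"
            }
        }
    }
    foreach ($c in $CommonChecks) { Test-RegValue @c }
}

$report = Get-HardeningReport
$report | Format-Table -AutoSize
$missing = @($report | Where-Object { -not $_.Compliant }).Count
Write-Host "$missing mitigation(s) not in place for user $env:USERNAME."
```

Because these values live in HKCU, the audit has to run in the context of each user whose profile matters; running it once as an administrator only reports that administrator's own Office and Reader settings.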