Prevent all Office applications from creating child processes!
The time has come for yet another Office Zero day vulnerability, this time seen being actively exploited in a number of places up to and including the NATO summit. Is there another way to purposely create an office document to trigger remote code execution when it’s opened and those attachments are seemingly everywhere. The vulnerability hasn’t been fixed yet, but there are some ways to protect yourself and those you know who just love opening mysterious connections.
If you are running Defender for Office and have child processes blocked you should be safe, these two features together will prevent your code from executing properly. If you don’t have that option, it’s up to the Registry with you to add a number of exe files to a key that prevents them from starting a child process. This could be quite problematic for some, as you might want PowerPoint to be able to talk to Excel or Graph.
You can get the list of programs to add, plus more information, to the computer playing.