![]() But Office files are automatically whitelisted, which provides a workaround. Normally, a user must approve an app’s ability to edit files stored in these protected CFA folders by whitelisting the app, as noted by Bleeping Computer. However, the fact that it can be bypassed with the use of Office files could mean it isn’t as secure as once thought. Essentially, CFA keeps suspicious apps from augmenting or editing any files stored in a particular protected folder. The Controlled Folder Access (CFA) in Windows 10–which Microsoft promoted as protection against ransomware–can be easily bypassed with the use of ‘boobytrapped’ Office files, according to work from security researcher Yago Jesus.ĬFA was added to Windows Defender in the Windows 10 Fall Creators Update in late 2017. ![]() Using augmented Office files, a hacker could steal data from a Windows 10 user and hold it for ransom.A security researcher was able to bypass the Controlled Folder Access feature in Windows 10 using OLE objects hidden in Office files.Building a slide deck, pitch, or presentation? Here are the big takeaways:
0 Comments
Leave a Reply. |