CISA Warns of Microsoft PowerPoint Code Injection Vulnerability Exploited in Attacks

Parkinsond said:
I was not referring to blocking creating child process, I meant code injection.
Click to expand...

This ASR rule cannot prevent vulnerability because that vulnerability does not depend on code injection to other processes.
However, it can help to mitigate the attack at the post-exploitation stage, if the exploit tries to inject code to other processes.
The same is true according to the ASR rules related to child processes.
It is possible that some Exploit Protection settings could prevent the exploit, but confirming this would require the POC to test.
 
  • +Reputation
Reactions: simmerskool and Parkinsond
Andy Ful said:
This ASR rule cannot prevent vulnerability because that vulnerability does not depend on code injection to other processes.
However, it can help to mitigate the attack at the post-exploitation stage, if the exploit tries to inject code to other processes.
The same is true according to the ASR rules related to child processes.
Click to expand...
I got it; in such a scenario, the code injection is "In" into PowerPoint.exe, not "Out" from PowerPoint.exe into another exe or process.
 
  • Like
Reactions: Andy Ful
You must log in or register to reply here.

You may also like...