Microsoft’s policy is to assume that its source code and network are already compromised; this is its “assume breach” philosophy. So when we get security updates, we don’t just receive fixes for what we know; I often see vague references to additional hardening and security features that help users going forward. Take, for example, KB4592438. Released for 20H2 in December, it included a vague reference to updates to improve security when using Microsoft Edge Legacy and Microsoft Office products. While most of each month’s security updates specifically fix a declared vulnerability, there are also parts that instead make it harder for attackers to use known techniques for nefarious ends.
Feature releases often bolster security for the operating system, though some of the protections mandate an Enterprise Microsoft 365 license called an “E5” license. You can still use advanced protection techniques without it, though, by setting registry keys manually or by editing group policy settings. One such example is a group of security settings designed for attack surface reduction; you use various settings to block malicious actions from occurring on your system.
But (and this is a huge but), setting these rules means that you need to be an advanced user. Microsoft considers these features to be more for enterprises and businesses and thus doesn’t expose the settings in an easy-to-use interface. If you are an advanced user and want to check out these attack surface reduction rules, my recommendation is to use the PowerShell graphical user interface tool called ASR Rules PoSH GUI to set the rules. Set the rules first to “audit” rather than making them enabled so you can first review the impact on your system.
You can download the GUI from the GitHub site and you’ll see these rules listed. (Note, you need to run it as administrator: right-click the downloaded .exe file and click Run as administrator.) It’s not a bad way to harden your system while the fallout from the SolarWinds attack continues to unfold.
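The audit-first approach recommended above can also be done with the built-in Defender cmdlets; the following is an added example, not code from the article or from the ASR Rules PoSH GUI project. It assumes an elevated PowerShell session with Microsoft Defender as the active antivirus, an illustrative choice of three rules, and that the rule GUID is the first GUID in each audit event's message.

```powershell
#Requires -RunAsAdministrator
# Added example. The GUIDs are Microsoft's published ASR rule IDs; picking
# these three rules and a 7-day review window is an assumption of this sketch.
$rules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office apps from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office apps from creating executable content'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email and webmail'
}

# 1. Put each rule in audit mode, skipping any rule that is already
#    configured so an existing Block setting is never downgraded to Audit.
$configured = @((Get-MpPreference).AttackSurfaceReductionRules_Ids)
foreach ($id in $rules.Keys) {
    if ($configured -contains $id) {
        Write-Host "Already configured, left unchanged: $($rules[$id])"
        continue
    }
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

# 2. Show the resulting state of every configured rule.
$stateName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{
        State  = $stateName[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
        RuleId = $ids[$i]
        Rule   = $rules[$ids[$i]]   # empty for rules not listed in $rules
    }
}

# 3. Review impact: event ID 1122 is logged when a rule fires in audit mode.
#    Count hits per rule to see what would break if the rule were enforced.
$guid = '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1122
    StartTime = (Get-Date).AddDays(-7)
} | ForEach-Object {
    # Assumption: the first GUID in the message text is the ASR rule ID.
    if ($_.Message -match $guid) { $Matches[0].ToUpper() }
} | Group-Object | Sort-Object Count -Descending | ForEach-Object {
    [pscustomobject]@{ Hits = $_.Count; RuleId = $_.Name; Rule = $rules[$_.Name] }
}
```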