After a period of tug-of-war, Microsoft's Office productivity suite finally began blocking VBA macros by default in late July. Neowin notes that new tactics, techniques and procedures (TTPs) are emerging, making file formats such as ISO, LNK and RAR prime carriers for malware.
The good news is that Windows 11's Smart App Control (SAC) feature will do a better job of stopping the spread of potentially malicious software.
"We've improved SAC on Windows 11 to now block ISO images and LNK shortcuts with the Mark of the Web (MOTW)," David Weston, Microsoft's vice president of enterprise and operating system security, announced in a tweet on Tuesday.
Microsoft reportedly released Smart App Control in April of this year, and David Weston described it as a "major enhancement to the Windows 11 security model" designed to let only secure and reliable applications run.
However, as security researcher Will Dormann has discovered, SAC is actually capable of considerably more.
In addition to ISO and LNK, it can now also block file types such as IMG archives and VHD / VHDX virtual machine disks.
Here are more file types, shared by Bleeping Computer, that can be blocked by SAC (the list is growing):
● .appref-ms
● .bat
● .cmd
● .chm
● .cpl
● .js
● .jse
● .msc
● .msp
● .reg
● .vbe
● .vbs
● .wsf
Note that the .diagcab file type, which Neowin discovered was recently used in the MSDT "DogWalk" vulnerability, has not yet been added to SAC's block list.
Interested Windows 11 22H2 Insider testers can try Smart App Control now. Disabling SAC, however, is not officially recommended.
Finally, when asked about the specific SAC-restricted extensions, Microsoft’s Jeffery Sutherland said they would be announced soon.