OLE Hardening
This section describes the design decisions associated with Object Linking and Embedding (OLE) on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.
Estimated reading time: 1 minute
Object Linking and Embedding (OLE) is a functionality within Microsoft Office which enables the embedding and linking to documents and other objects. OLE is utilised to seamlessly integrate several types of data or components within a Microsoft Office file.
Adversaries have leveraged the OLE functionality to enable and download malicious content or execute a malicious payload. Within Microsoft Office 365 and Microsoft Office 2019 clients, the activation of objects that link to extensions that are considered high risk are blocked from executing. The list of high risk extensions can be configured through the use of Intune or GPOs.
ASD’s provides guidance around securing systems against malicious OLE packages and recommend they are implemented in all Windows environments. The guidance is to block all OLE packages from executing in Word, PowerPoint, and Excel.
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| OLE configuration | Block all | To align with the ASD’s Restricting Microsoft Office Macros guidance. |
Related information
Security & Governance
- Microsoft Office Macro Hardening
- Application Control
- Essential Eight: Restrict Microsoft Office Macros
Design
- None identified
Configuration
References
- None identified