Security researcher Yago Jesus from SecurityByDefault recently said that he was able to bypass Microsoft’s “Controlled Folder Access” feature which is being touted as a reliable anti-ransomware measure.
CFA allows the user to block changes to files in user-designated directories via a prompt. However, Jesus found that all Office apps were automatically whitelisted, which means that an attacker can add simple scripts in OLE objects inside Office files to bypass CFA.
The researcher reported his findings to Microsoft, but the company said that it was not a security vulnerability. Even though they said that the issue will be fixed, Jesus will still not get a bug bounty or credit for his findings.
Source: Bleeping Computer