Word 2016 Exploit attempt to bypass ASLR blocked

[MarkTM]

User reports getting the exploit pop-up when typing in a new document in Word 2016. Files attached.

Malwarebytes Anti-Exploit version 1.11.2.55

Malwarebytes Managed Client 1.8.0.3443

Thank you!

FRST-tlh.zip

Malwarebytes Anti-Exploit-tlh.zip

[Rsullinger]

Hey MarkTM,

 

I want to have you try a debug build to get me more information. I am going to send you a PM to send it to get that data. Along with this, do you mind getting me a screenshot of the addon's in word or possibly try launching word in safe mode? I want to eliminate the possibility this is caused by an addon. 

[TechnoBabble]

Hi All,

We are running into this on a few of our computers as well.  MS Office 2016 Professional, vanilla installation, will sometimes get flagged by Anti-Exploit as "Exploit blocked by bottom up ASLR Enforcement" . 

My questions is, with Windows 7 and Office 2016, isn't Word/Excel/Powerpoint/Etc. built to automatically do ASLR?   If so, then what exactly is MBAM Anti-exploit doing that isn't already being done by the Application and OS? 

If I uncheck the Application Hardening option to enforce bottom up ASLR for MS Office, am I losing any security?

Thanks!