How does Office 2010 implement DEP?

Data Execution Prevention (DEP) is a security feature that was introduced in Windows XP Service Pack 2 and Windows 2003 server, service pack 1. More general information on DEP can be found in this Microsoft knowledge base article. DEP is one of the many new defense in depth protection layers we have added in Office […]

Data Execution Prevention (DEP) is a security feature that was introduced in Windows XP Service Pack 2 and Windows 2003 server, service pack 1. More general information on DEP can be found in this Microsoft knowledge base article. DEP is one of the many new defense in depth protection layers we have added in Office 2010. Office applications, when booted, will call into the GetSystemDEPPolicy function to determine your computers DEP policy. This API will return one of the following results, and will behave as follows: AlwaysOn – your Office applications will always run with DEP enabled. There is no way to change this without modifying your systems boot configuration file, and restarting your computer; AlwaysOff – your Office applications will always run with DEP disabled. There’s no way to change this without modifying your systems boot configuration file, and restarting your computer; OptIn – Each Office application can be configured in the trust center (see the section below) to determine if it should run with DEP enabled; OptOut - Each Office application can be configured in the trust center (see the section below) to determine if it should run with DEP enabled.

Full Article: Data Execution Prevention in Office 2010