Skipped patch from 2012 makes old Microsoft Office systems a favored target

June 3, 2020

In addition to protecting the desktop, you should also pay close attention to the Office suite, in particular Microsoft’s Object Linking and Embedding (OLE) platform. OLE allows you to make linked connections between applications and other documents, but it also provides a toehold for attackers to gain access to our systems.

As a recent National Cyber Awareness System document stated: “As of December 2019, Chinese state cyber actors were frequently exploiting the same vulnerability—CVE-2012-0158—that the US government publicly assessed in 2015 was the most used in their cyber operations.” Let that sink in. A vulnerability patched in 2012 was the most used exploit in December 2019. The vulnerability affects Office 2003, 2007 and 2010.

