Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks By

Solarquest

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.

DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened.

DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

DDE feature abused to install malware
...
 
  • Like
Reactions: Syafiq, DeepWeb, Vasudev and 6 others
5

509322

Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.

Of course they had to make it another opt-in GUI-less registry hack, right ? What's one more gonna matter at this point. Make the user search the web for an hour to get infos. Maybe the user will find it, maybe they won't. Maybe what they find is accurate, maybe not.

Why not just use Chromebook and save yourself a heap of trouble ?
 
Last edited by a moderator:
  • Like
Reactions: Vasudev, Der.Reisende, harlan4096 and 1 other person
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Lockdown said:
Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.
Click to expand...
But imagine the suffering that Dave would go through having to spend 30 seconds of his life googling how to re-enable powershell. :cry:

Seriously though I'd love to hear the reasoning from a Microsoft engineer as to why they don't disable stuff that 99.9% of the user base doesn't know exists but has been continuously abused by malware authors for years. I simply can't understand it.
They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.
 
  • Like
Reactions: Vasudev
5

509322

Arequire said:
They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.
Click to expand...

But their security division pumps out the advisories non-stop to disable everything unneeded to the Pro/Enterprise/Education Admins. So it would make a whole lot more sense to disable by default and make it all opt-in.

Anyone who has had to slug their way through scattered, half-baked AppLocker-Device Guard-TPM documentation. What a rigmarole of epic proportions. Might as well throw yourself onto concertina wire or call it death by a 1000 cuts or however you wish to describe it.
 
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Replies
1
Views
917
News Archive
Andy Ful
Andy Ful
Gandalf_The_Grey
    • +Reputation
    • Like
Security News Microsoft disables MSIX protocol handler abused in malware attacks
Replies
2
Views
1,723
Security News
oldschool
oldschool
Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks
Replies
0
Views
1,302
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top