Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks By

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solarquest

Moderator
Staff member
AV-Tester
Jul 22, 2014
1,925
#1
As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.

DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened.

DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

DDE feature abused to install malware
...
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,925
#2
Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.

Of course they had to make it another opt-in GUI-less registry hack, right ? What's one more gonna matter at this point. Make the user search the web for an hour to get infos. Maybe the user will find it, maybe they won't. Maybe what they find is accurate, maybe not.

Why not just use Chromebook and save yourself a heap of trouble ?
 
Last edited:
Feb 10, 2017
954
Operating System
Windows 7
Installed Antivirus
Default-Deny
#3
Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.
But imagine the suffering that Dave would go through having to spend 30 seconds of his life googling how to re-enable powershell. :cry:

Seriously though I'd love to hear the reasoning from a Microsoft engineer as to why they don't disable stuff that 99.9% of the user base doesn't know exists but has been continuously abused by malware authors for years. I simply can't understand it.
They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.
 
Likes: Vasudev

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,925
#4
They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.
But their security division pumps out the advisories non-stop to disable everything unneeded to the Pro/Enterprise/Education Admins. So it would make a whole lot more sense to disable by default and make it all opt-in.

Anyone who has had to slug their way through scattered, half-baked AppLocker-Device Guard-TPM documentation. What a rigmarole of epic proportions. Might as well throw yourself onto concertina wire or call it death by a 1000 cuts or however you wish to describe it.