Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks

Discussion in 'Security News' started by Solarquest, Dec 15, 2017.

  1. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.

    DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened.

    DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

    DDE feature abused to install malware
    Syafiq, DeepWeb, Vasudev and 6 others like this.
  2. Lockdown

    Lockdown From AppGuard

    Oct 24, 2016
    AppGuard LLC Virginia, U.S.
    #2 Lockdown, Dec 15, 2017
    Last edited: Dec 15, 2017
    Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.

    Of course they had to make it another opt-in GUI-less registry hack, right? What's one more gonna matter at this point. Make the user search the web for an hour to get info. Maybe the user will find it, maybe they won't. Maybe what they find is accurate, maybe not.

    Why not just use Chromebook and save yourself a heap of trouble?
  3. Arequire

    Arequire Level 18

    Feb 10, 2017
    United Kingdom
    Windows 7
    But imagine the suffering that Dave would go through having to spend 30 seconds of his life googling how to re-enable PowerShell. :cry:

    Seriously though, I'd love to hear the reasoning from a Microsoft engineer as to why they don't disable stuff that 99.9% of the user base doesn't know exists but has been continuously abused by malware authors for years. I simply can't understand it.
    They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.
    Vasudev likes this.
  4. Lockdown

    Lockdown From AppGuard

    Oct 24, 2016
    AppGuard LLC Virginia, U.S.
    But their security division pumps out the advisories non-stop to disable everything unneeded to the Pro/Enterprise/Education Admins. So it would make a whole lot more sense to disable by default and make it all opt-in.

    Anyone who has had to slog their way through scattered, half-baked AppLocker-Device Guard-TPM documentation. What a rigmarole of epic proportions. Might as well throw yourself onto concertina wire or call it death by a 1000 cuts or however you wish to describe it.