Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks By

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.

DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened.

DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

DDE feature abused to install malware
...
 
5

509322

Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.

Of course they had to make it another opt-in GUI-less registry hack, right ? What's one more gonna matter at this point. Make the user search the web for an hour to get infos. Maybe the user will find it, maybe they won't. Maybe what they find is accurate, maybe not.

Why not just use Chromebook and save yourself a heap of trouble ?
 
Last edited by a moderator:

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,815
Gee, disabling something by default that isn't needed. Now that's sacrilege to some people.
But imagine the suffering that Dave would go through having to spend 30 seconds of his life googling how to re-enable powershell. :cry:

Seriously though I'd love to hear the reasoning from a Microsoft engineer as to why they don't disable stuff that 99.9% of the user base doesn't know exists but has been continuously abused by malware authors for years. I simply can't understand it.
They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.
 
  • Like
Reactions: Vasudev
5

509322

They can always keep this stuff enabled by default in the Pro/Enterprise/Education editions.

But their security division pumps out the advisories non-stop to disable everything unneeded to the Pro/Enterprise/Education Admins. So it would make a whole lot more sense to disable by default and make it all opt-in.

Anyone who has had to slug their way through scattered, half-baked AppLocker-Device Guard-TPM documentation. What a rigmarole of epic proportions. Might as well throw yourself onto concertina wire or call it death by a 1000 cuts or however you wish to describe it.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top