Despite a rash of attacks leveraging Dynamic Data Exchange fields in Office, including some spreading destructive ransomware, Microsoft has remained insistent that DDE is a product feature and won’t address it as a vulnerability.
Microsoft on Wednesday did, however, put some guidance in admins’ hands as to how to safely disable the feature via new registry settings for Office. Each one comes with a caveat that data between applications will no longer update automatically; this is something that would impact Excel users in particular who rely on this live feed of data to keep spreadsheets automatically updated.
....
....
...
The attacker would have to convince the user to disable Protected Mode and click through one or more additional prompts. As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments.”
Attacks leveraging macro malware weren’t finding much of an impediment in tricking users into enabling macros—which are off by default in Office—with clever social engineering through subject lines and attachments related to day-to-day business operations such as shipping notifications and invoices.
In Microsoft’s advisory published yesterday, it recommended enabling security-related feature control keys for Office 2016 and 2013 that will disable the automatic update of data from linked fields.
In Excel, Microsoft provided instructions on how to disable DDE via the registry editor or the user interface.
....
...
...