Microsoft has released Security Advisory 4053440 for the Dynamic Data Exchange (DDE) vulnerability in Microsoft Office. Here is some information about the topic.
What’s the DDE vulnerability?
Microsoft Office provides the DDE protocol, a set of messages and guidelines, as one of several methods for transferring data between applications. The DDE protocol sends messages between applications that share data, and uses shared memory to exchange data between applications. Applications can use the DDE protocol for one-time data transfers and for continuous exchanges in which applications send updates to one another as new data becomes available.
There is a vulnerability in the Microsoft Office modules that support the DDE interface. This DDE vulnerability in Microsoft Word has probably been used in malware attacks to spread malware. Opening a compromised Word document file is sufficient to download and run the malware via the DDE interface.
Security Advisory 4053440
On November 8, 2017, Microsoft published the following security advisory, which deals with the DDE issue.
Microsoft Security Advisory 4053440
– Title: Securely opening Microsoft Office documents that contain
Dynamic Data Exchange (DDE) fields
– Executive Summary: Microsoft is releasing this security
advisory to provide information regarding security settings for
Microsoft Office applications. This advisory provides guidance on
what users can do to ensure that these applications are properly
secured when processing Dynamic Data Exchange (DDE) fields.
– Originally posted: November 8, 2017
– Updated: N/A
– Version: 1.0
A TechNet document contains more details, and Microsoft describes ways to disable DDE in Excel, Word, and Outlook via the registry or in the Trust Center.