Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - Microsoft Disables Word DDE Feature to Prevent Further Malware Attacks (bleepingcomputer.com)

An anonymous reader writes: As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware. DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened. DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

The December Patch Tuesday disables DDE only in Word, but not Excel or Outlook. The reason is that several cybercrime and spam groups have jumped on this technique, which is much more effective at running malicious code when compared to macros or OLE objects, as it requires minimal interaction with a UI popup that many users do not associate with malware. For Outlook and Excel, Microsoft has published instructions on how users can disable DDE on their own, if they don't want this feature enabled.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft Disables Word DDE Feature to Prevent Further Malware Attacks

Comments Filter:

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"

Working...