Microsoft Word DDE Has Been Disabled

As of 15 December 2017, Microsoft have released an office update to disable DDE protocol in Microsoft Word applications as part of December’s Patch Tuesday. DDE is still currently enabled in Microsoft Outlook and Excel. This update has included a patch for Microsoft Word 2003 and Microsoft Word 2007.

The very feature of DDE that enables one Office application to load data from another Office application is being misused by the malware writers to install malware.

What is the DDE feature in Word

DDE or Dynamic Data Exchange is an old feature by Microsoft. It was replaced by the newer Object Linking and Embedding (OLE) toolkit. However, DDE is still supported by Office applications, such as Word. Using DDE, one Office application can load data from other Office applications. For example, if an Excel file is embedded in a Word document, the data in the table in the Word document can be updated every time the Word file is opened.

Affected Platforms

  • Microsoft Word 2003
  • Microsoft Word 2007
  • Microsoft Word 2016




6

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: