As of 15 December 2017, Microsoft has released an Office update that disables the DDE protocol in Microsoft Word as part of December’s Patch Tuesday. DDE is still enabled in Microsoft Outlook and Excel. The update includes a patch for Microsoft Word 2003 and Microsoft Word 2007.
The very feature of DDE that enables one Office application to load data from another Office application is being misused by malware writers to install malware.
What is the DDE feature in Word?
DDE, or Dynamic Data Exchange, is an old Microsoft feature. It was replaced by the newer Object Linking and Embedding (OLE) toolkit. However, DDE is still supported by Office applications such as Word. Using DDE, one Office application can load data from other Office applications. For example, if an Excel file is embedded in a Word document, the data in the table in the Word document can be updated every time the Word file is opened.
- Microsoft Word 2003
- Microsoft Word 2007
- Microsoft Word 2016