Microsoft Word DDE Has Been Disabled
As of 15 December 2017, Microsoft have released an office update to disable DDE protocol in Microsoft Word applications as part of December’s Patch Tuesday. DDE is still currently enabled in Microsoft Outlook and Excel. This update has included a patch for Microsoft Word 2003 and Microsoft Word 2007.
The very feature of DDE that enables one Office application to load data from another Office application is being misused by the malware writers to install malware.
What is the DDE feature in Word
DDE or Dynamic Data Exchange is an old feature by Microsoft. It was replaced by the newer Object Linking and Embedding (OLE) toolkit. However, DDE is still supported by Office applications, such as Word. Using DDE, one Office application can load data from other Office applications. For example, if an Excel file is embedded in a Word document, the data in the table in the Word document can be updated every time the Word file is opened.
Affected Platforms
- Microsoft Word 2003
- Microsoft Word 2007
- Microsoft Word 2016
6
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.