Skip to content

IT Notes

Menu
  • Home
  • Microsoft
  • Apple
  • IT Security
  • Azure
  • Office365
  • Microsoft Exchange
  • Privacy
  • Backups
Menu

Microsoft DDE attack adivsory

Posted on 09/11/2017 by Nial Aliyev
Share on Social Media
xfacebooklinkedinredditemail

Microsoft is releasing this security advisory to provide information regarding   security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields.

Mitigating DDE Attack Scenarios

Users who wish to take immediate action can protect themselves by manually creating and setting registry entries for Microsoft Office. Use the following instructions to set the registry keys based on the Office applications installed on your system.

Warning: If you use Registry Editor incorrectly, you could cause serious problems that could require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 

Microsoft Excel

Excel depends on the DDE feature to launch documents.

To prevent automatic update of links from Excel (including DDE, OLE, and external cell or defined name references), refer to the following table for the registry key version string to set for each version:

Office Version Registry Key <version> string
Office 2007 12.0
Office 2010 14.0
Office 2013 15.0
Office 2016 16.0

 

  • To disable the DDE feature via the user interface:Set File->Options->Trust Center->Trust Center Settings…->External Content->Security settings for Workbook Links = Disable automatic update of Workbook Links.
  • To disable the DDE feature via the Registry Editor:
    [HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Excel\Security]
    WorkbookLinkWarnings(DWORD) = 2
    

 

Impact of mitigation: Disabling this feature could prevent Excel spreadsheets from updating dynamically if disabled in the registry. Data might not be completely up-to-date because it is no longer being updated automatically via live feed. To update the worksheet, the user must start the feed manually. In addition, the user will not receive prompts to remind them to manually update the worksheet.

Microsoft Outlook

Refer to the following table for the registry key version string to set for each Office version:

Office Version Registry Key <version> string
Office 2010 14.0
Office 2013 15.0
Office 2016 16.0

 

  • For Office 2010 and later versions, to disable the DDE feature via the Registry Editor:
    [HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Word\Options\WordMail]
     DontUpdateLinks(DWORD)=1
    
  • For Office 2007, to disable the DDE feature via the Registry Editor
    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options\vpref]
    fNoCalclinksOnopen_90_1(DWORD)=1
    

Impact of mitigation: Setting this registry key will disable automatic update for DDE field and OLE links. Users can still enable the update by right-clicking on the field and clicking “Update Field”.

Microsoft Publisher

A Word document using the DDE protocol that is imbedded within a Publisher document could be a possible attack vector. You can help prevent this attack vector by applying the Word registry key modification. See the following section for the Word registry key values.

Microsoft Word

Refer to the following table for the registry key version string to set for each Office version:

Office Version Registry Key <version> string
Office 2010 14.0
Office 2013 15.0
Office 2016 16.0

 

  • For Office 2010 and later versions, to disable the DDE feature via the Registry Editor:
    [HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Word\Options]
    DontUpdateLinks(DWORD)=1
    
  • For Office 2007, to disable the DDE feature via the Registry Editor
    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options\vpref]
    fNoCalclinksOnopen_90_1(DWORD)=1
    

 

Impact of mitigation: Setting this registry key will disable automatic update for DDE field and OLE links. Users can still enable the update by right-clicking on the field and clicking “Update Field”.

 

Source : https://technet.microsoft.com/library/security/4053440.aspx?f=255&MSPPError=-2147217396

Search

Recent Posts

  • Hosting Your Web Application with Azure App Service
  • Microsoft Patch Tuesday, November 2023
  • Microsoft Thwarts China-based Threat Actor Storm-0558 Targeting Customer Email
  • Apple releases emergency updates to address the zero-day vulnerability.
  • How to Delegate Admin Roles to Partners in Microsoft 365

Categories

  • Apple
  • Azure
  • Backups
  • IT Security
  • Microsoft
  • Microsoft Exchange
  • Office365
  • Privacy
  • Uncategorized

Archives

  • August 2024
  • November 2023
  • July 2023
  • April 2023
  • March 2023
  • April 2022
  • June 2021
  • May 2021
  • October 2020
  • December 2019
  • July 2019
  • June 2019
  • December 2018
  • January 2018
  • November 2017
  • October 2017
  • August 2017
  • June 2017
  • May 2017
  • April 2017

About Me

171087
Users Today : 5
Total Users : 153872

Connect With Me

©2026 IT Notes | Design: Newspaperly WordPress Theme