Widespread malware attacks use unpatched Microsoft Word DDE exploit
This recently discovered attack method that exploits a built-in feature of Microsoft Office is used in new malware attacks. Last week hackers could use DDE (Dynamic Data Exchange) to execute malicious code on the targeted device without requiring macros enabled or memory corruption.
The DDE protocol is a method that Microsoft uses to let two running applications share the same data, so this protocol is used by thousands of applications, like MS Excel, MS Word, Quattro Pro and Visual Basic for one-time data transfers and continuous exchanges..
The exploitation method displays no security warnings to users, except asking them if they want to execute the application in the command - this also could be eliminated by proper syntax modification.
So what is the proper way to deal with this issue?
DDE is a legitimate feature and this malleability does not trigger antivirus tools. For now, there is no planned patch to remove or repair the DDE functionality.
The best way to protect yourself or your organization from this attack is to disable point “update automatic links open” in the MS Office programs.
This can be done with Open word – Select File – Options – Advanced – scroll to General and uncheck this point “Update Automatic links at Open”.
Always stay suspicious of any unrequested document sent to you by email and never click on uninvited links inside these documents if your source is unverified! Stay safe!