Office; Tweak to protect against DDE attacks

Do you use Office? There is a vulnerability in DDE, a feature contained in the of Office that many are currently using to carry out attacks. DDE or Dynamic Data Exchange is a feature of Microsoft Office designed to give applications the ability to exchange data with each other.

You can use DDE for example to update a table in a Word document using Excel data.Office

The protocol is widely used, not only in Microsoft Office applications such as Word or Excel, but also through Visual Basic And much more.

What makes the vulnerability very worrying is that it does not require macros. Attacks that are currently being made use e-mails to distribute malicious Office documents.

Users who open these documents receive warning hints in Office. Word for example displays the “This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?”

Most security applications do not detect any threat to Office documents.

Of course you can always protect your data by choosing “no” when Office prompts appear. Below we will see how you can add another level s. So you'll be able to protect your system regardless of the choices Office users make when they encounter such malicious documents.

Obviously, this is only one option if the DDE attribute is not required. Let's say that home users do not lose something if they turn off DDE, but companies may need it and so they may not want to completely disable the feature.

Am DDE

If you are using Microsoft Word 2016 or Microsoft Excel 2016, select Options> Advanced and uncheck the "Update auto-open links" option.

In Excel, you should also select "Ignore other applications that use Dynamic Data Exchange (DDE)".

The settings are in the following ways:
In Excel, Standards s> Microsoft Excel 2016> Excel Options> Advanced.

Ask to update the automatic links
Ignore the other applications

For Word Management Templates> Microsoft Word 2016> Word Options> Advanced.

Update the automatic links to the opening

Below we will see how you can do all this with one click ... from your computer registry:

The that you include in the zip contains the following code:

Registry Editor Version 5.00 [HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ 16.0 \ Word \ Options] "DontUpdateLinks" = dword: 00000001 [HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ 15.0 \ "DontUpdateLinks" = dword: 00000001 [HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ 14.0 \ Word \ Options \ WordMail] "DontUpdateLinks" = dword: Microsoft Office \ 00000001 \ Word \ Options \ WordMail] "DontUpdateLinks" = dword: 16.0 [HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ Office \ 00000001 \ OneNote \ Options \ "DisableEmbeddedFiles" = dword: 15.0 [HKEY_CURRENT_USER \ Software \ Microsoft \ Office \ 00000001 \ Options] "DontUpdateLinks" = dword: 14.0 "DDEAllowed" = dword: 00000001 "DDECleaned" = dword: 16.0 [HKEY_CURRENT \ N \ n \ n \ n \ n \ n \ n \ n \ n \ n \ n \ n \ n \ n \ n \ \ 00000001 \ Excel \ Options] "DontUpdateLinks" = dword: 15.0 "DDEAllowed" = dword: 00000001 "DDECleaned" = dword: 16.0 "Options" = dword:

Open the zip on your computer (eg in task) and double click on the file.

Download the zip

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).