Microsoft Disables Word DDE Feature To Prevent Further Malware Attacks

An anonymous reader writes: As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware. DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened. DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

The December Patch Tuesday disables DDE only in Word, but not Excel or Outlook. The reason is that several cybercrime and spam groups have jumped on this technique, which is much more effective at running malicious code when compared to macros or OLE objects, as it requires minimal interaction with a UI popup that many users do not associate with malware. For Outlook and Excel, Microsoft has published instructions on how users can disable DDE on their own, if they don't want this feature enabled.

All well and good

[Ol+Olsoc]

But its a bloody nuisance when you work with something, then it suddenly goes away. Security through loss of function.

Really?

This is the fucking problem with Microsoft, every fucking thing has to be able to execute fucking code and talk to fucking everything else that can also execute fucking code.

And then you fucking wonder why Microsoft is not fucking secure?

Fuck.

Re: Word 2007

[MightyYar]

Frankly, 2007 was a UI downgrade from the very-complete 2003. Nothing like re-learning a GUI that you've been using for 20 years. Progress!