Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Disables Word DDE Feature To Prevent Further Malware Attacks (bleepingcomputer.com)

Posted by msmash on from the a-step dept.

An anonymous reader writes: As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware. DDE stands for Dynamic Data Exchange, and this is an Office feature that allows an Office application to load data from other Office applications. For example, a Word file can update a table by pulling data from an Excel file every time the Word file is opened. DDE is an old feature, which Microsoft has superseded via the newer Object Linking and Embedding (OLE) toolkit, but DDE is still supported by Office applications.

The December Patch Tuesday disables DDE only in Word, but not Excel or Outlook. The reason is that several cybercrime and spam groups have jumped on this technique, which is much more effective at running malicious code when compared to macros or OLE objects, as it requires minimal interaction with a UI popup that many users do not associate with malware. For Outlook and Excel, Microsoft has published instructions on how users can disable DDE on their own, if they don't want this feature enabled.

5 of 103 comments (clear)

  1. All well and good by Ol+Olsoc · · Score: 5, Insightful

    But its a bloody nuisance when you work with something, then it suddenly goes away. Security through loss of function.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. Word 2007 by DrStrangluv · · Score: 4, Interesting

    What makes this patch especially interesting is they also released it for Word 2007, which otherwise would be end of life and excluded from updates.

    1. Re: Word 2007 by MightyYar · · Score: 3, Insightful

      Frankly, 2007 was a UI downgrade from the very-complete 2003. Nothing like re-learning a GUI that you've been using for 20 years. Progress!

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. Newer? by Dan+East · · Score: 4, Interesting

    newer Object Linking and Embedding (OLE) toolkit

    OLE 1.0, released in 1990, was an evolution of the original Dynamic Data Exchange (DDE) concept

    Boy, that's reassuring that OLE is so much newer than DDE. Why the heck is something like DDE still existing in their products when it was superseded by something 27 years ago?

    --
    Better known as 318230.
    1. Re:Newer? by angel'o'sphere · · Score: 3, Informative

      No, OLE is the attempt of reinventing the Apple "OLE" which they had years before, but then dropped it as it is pointless.
      CORBA is something completely different and has nothing to do with OLE at all. CORBA is an object oriented RPC (remote procedure call) "specification". It basically only works inside of the same "Server" (ORB = object request broker) family (same vendor, not even same OS is enough).
      It got soon extended by the IIOP, internet inter ORB protocol, which made it possible that ORBs of different vendors could interact with each other.
      While there are similarities, they have not much in common. In CORBA e.g. you have platform neutral specification languages (IDL, interface description languages) that make it possible to generate communication skeletons and "dumb data objects" to talk to any ORB. And then fill out the logic you need.
      An ORB is basically a fancy "REST Server" ... or "SOAP", does not matter, means: A server application.
      In other words: the data you manipulate is somewhere else. On the server.

      With OLE every single Application on your Windows PC can be its own small server, able to handle requests to manipulate objects that are actually "embedded" into other programs.

      You basically tell a remote (but still on the same machine) progam to manipulate your local data. OLE is basically CORBA reversed. Instead of calling business logic on the server, the other side manipulates the data in the client. (And there is no IDL/specification language, but you have to implement all the hooks the other side needs to manipulate your data)

      P.S.
      Similar to CORBA *and* OLE is MS COM and DCOM inspired by DECs was DCE, Distributed Computing Environment.
      Or as a summary:
      * CORBA is supposed to be used in a LAN/WAN and with IIOP over the internet, OLE is supposed to be used on the same machine, but it is possible to use OLE Servers (as in remote)
      However, why anyone would use OLE for remote stuff when we have CORBA, SOAP and REST is beyond me.
      * the CORBA server is called by clients, letting the server do something for them on the server
      * OLE asks the server to do something inside of your own address space, you basically embed (hence the E in OLE) a part of the server into your own application, it is basically a super fancy DLL(dynamic link library)

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.