Monday 23 October 2017

Attack Via Office DDE Feature Also Works In Microsoft Outlook



The Microsoft Office DDE feature currently being used to attack Internet users through Word documents also works in Microsoft Outlook, researchers have shown. The attack can be carried out by sending emails and calendar invitations formatted as Rich Text Format (RTF).

The Dynamic Data Exchange (DDE) feature of Microsoft Office makes it possible to pull data from, for example, an Excel document into a Word document. This adds code to one document that points to the data in the other document. Instead of a document, the link may also point to malicious code. Attackers are now using this feature to infect Internet users with ransomware and other malware through Word documents.

The attackers send emails with a Word document attached. As soon as the recipient opens the document, they see several dialog boxes asking for permission to run the linked code. However, it is not necessary to send Word documents, researchers have shown. Researcher Kevin Beaumont found a way to use the DDE feature in Microsoft Outlook via email. In this case, users get the same notification as with Word, asking for permission to execute code.


In addition to an RTF-formatted email, the attack can also be performed via a calendar invitation. According to anti-virus company Sophos, the attack is easy to stop: users need to click No in the first window asking for code execution. If the user clicks Yes in the first window, a second dialog appears asking for permission. Only when Yes is clicked there as well is the code called through DDE executed. Another option users have to protect themselves is to display emails in plain text.
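
For mail administrators who want to flag such messages before a user ever sees the dialogs, the sketch below scans an RTF body for field instructions whose field type is DDE or DDEAUTO. It is an added example, not code from the researchers or vendors named above; it assumes the RTF body has already been extracted from the message, and the function names and sample bodies are constructed for illustration.

```python
import re

DDE_FIELD_TYPES = {"DDE", "DDEAUTO"}           # field types that open a DDE link
CTRL_WORD = re.compile(r"\\[a-zA-Z]+-?\d* ?")  # e.g. \b, \fs24, \rtlch
HEX_ESC = re.compile(r"\\'([0-9a-fA-F]{2})")   # e.g. \'44 is "D"

def field_instructions(rtf):
    """Yield the plain text of each {\\*\\fldinst ...} group in an RTF body."""
    for m in re.finditer(r"\\fldinst(?![a-zA-Z])", rtf):
        depth, i, out = 1, m.end(), []
        while i < len(rtf) and depth > 0:
            c = rtf[i]
            if c == "\\":
                hexesc, word = HEX_ESC.match(rtf, i), CTRL_WORD.match(rtf, i)
                if hexesc:
                    out.append(chr(int(hexesc.group(1), 16)))
                    i = hexesc.end()
                elif word:
                    i = word.end()            # formatting only: drop it
                else:
                    if rtf[i + 1:i + 2] in ("{", "}", "\\"):
                        out.append(rtf[i + 1])
                    i += 2
                continue
            if c == "{":
                depth += 1
            elif c == "}":
                depth -= 1
            elif c not in "\r\n":
                out.append(c)
            i += 1
        yield "".join(out)

def find_dde_fields(rtf):
    """Return the field instructions whose field type is DDE or DDEAUTO."""
    hits = []
    for instr in field_instructions(rtf):
        tokens = instr.split()
        if tokens and tokens[0].upper() in DDE_FIELD_TYPES:
            hits.append(" ".join(tokens))
    return hits

# Constructed sample bodies, not taken from a real message.
BENIGN = r'{\rtf1\ansi Agenda: {\field{\*\fldinst HYPERLINK "https://example.com/"}{\fldrslt link}}}'
FLAGGED = r'{\rtf1\ansi Hi {\field{\*\fldinst {\b DDE}{\i AUTO} "ExampleApp" "example-topic"}{\fldrslt }}}'

if __name__ == "__main__":
    for name, body in (("BENIGN", BENIGN), ("FLAGGED", FLAGGED)):
        print(name, find_dde_fields(body))
```

The scanner strips formatting control words and nested groups before reading the field type, because field text in RTF is often split across several formatting runs.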
