Wednesday, 25 October 2017

Security Company Develops DDE Feature Patch In Microsoft Office

A security company has developed an unofficial patch for the DDE feature in Microsoft Office, which cybercriminals are currently abusing. Dynamic Data Exchange (DDE) is a feature that was added to older Windows versions and is still used in many places. The feature allows you to insert data from, for example, an Excel document into a Word document.

If the Excel document is updated, the change is immediately visible in the Word document. However, the DDE feature also makes it possible to call a malicious application instead of Excel, or a benign application that performs malicious commands. Before the called application is executed, the user must first give permission in two dialog boxes.

This does not seem to be an obstacle, however, as the functionality is currently being used by cybercriminals. Microsoft is not currently planning to resolve the issue through a security update. However, the Windows 10 Fall Creators Update features Windows Defender Exploit Guard, which can block attacks via the DDE feature. Since Microsoft is not providing a patch for the time being, security company ACROS decided to look into the possibility of developing one.

The result is a "micro-patch" for Office 2007, 2010, 2013, 2016 and 365, in both the 32-bit and 64-bit versions. The patch causes the DDE feature not to invoke the specified application. Microsoft Word will still display the two dialog boxes, but if the user clicks Yes, the called application will not be executed. To install the micro-patch, the free 0patch Agent software must be running on the system. This is an unofficial patch, and its use is at your own risk. ACROS has previously developed micro-patches for vulnerabilities in Windows and Foxit Reader, among others.
