Microsoft issued recommendations on protection against cyber attacks using the Dynamic Data Exchange protocol (DDE).
The DDE protocol is designed to exchange data between Office and other Windows applications. In October this year, researchers warned that the features of the DDE protocol can be exploited by hackers to create documents that download malicious software from a third-party server. This method can be used as a replacement for macros in attacks using documents.
The vulnerability in the DDE protocol was exploited by a number of different hacker groups, including during the spread of extortion software Locky.
In the recommendations, Microsoft stressed that DDE is a legitimate feature and invited users to follow certain precautions to protect against attacks. In particular, for a successful attack, attackers need to convince the victim to disable the safe mode and confirm the opening of malicious files in several pop-up windows.
In addition, Microsoft said that users of Office can also include certain registry keys that increase security, including a key that disables automatic updating of data from related fields.
The company provided detailed information about disabling automatic link updates in Excel, Outlook, Publisher and Word by installing certain registry keys. Disabling this function may affect the functionality that uses DDE, and users may need to manually update the fields.
In the update of Windows 10 Fall Creators Update, users are protected from DDE attacks using the Attack Surface Reduction (ASR) feature added to the Windows Defender Exploit Guard.
Microsoft also recommends that users be careful when opening suspicious attachments in emails, because malicious documents running DDE are usually delivered by email.
Recall that earlier security researchers from Sophos Labs reported the possibility of exploiting a critical vulnerability in the Dynamic Data Exchange protocol via the Microsoft Outlook email client.
DDE (Dynamic Data Exchange) is a communication protocol developed by Microsoft for the exchange of data between different Windows applications and their synchronization.