"This document contains links that may refer to other files. Do you want to update the document with the data from the linked files?"

Microsoft, in a security advisory released yesterday, has described how the technique could be used in a typical email attack:
"In an email attack scenario, an attacker could leverage the DDE protocol by sending a specially crafted file to the user and then convincing the user to open the file, typically by way of an enticement in an email. The attacker would have to convince the user to disable Protected Mode and click through one or more additional prompts. As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments."

So, after decades of email-based malware attacks, we're back to some tried-and-trusted advice: be very wary of opening unsolicited email attachments.

And as Microsoft considers the functionality of DDE to be a feature rather than a bug, it seems unlikely that it will be patching the technique anytime soon.

According to Microsoft's advisory, concerned Microsoft Office users are advised to check their DDE-related security settings and disable the automatic update of data from linked fields to mitigate the threat. Currently, this mitigation may require some tinkering in the Registry and so should be done cautiously.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.