By Microsoft published a security advisory on Wednesday that offers facts on how users can care for themselves contrary to recent threats harming the Dynamic Data Exchange – DDE protocol.
DDE is specifically designed for exchanging of data between Microsoft Office and various Windows applications. Researchers already advised that the method of DDE fields are managed could be harmed by hackers for creating documents that load malicious resources from an exterior server. The method can be utilized as an alternative for macros in threats containing documents.
Several sorts of threat actors have harmed DDE in attacks containing by cybercriminals who are irritating to generate profit using the Locky ransomware and Russia-linked cyber-spies identified for aiming high-profile organizations. It may announce an update at some point that would avoid DDE attacks. Microsoft brought to the fore that DDE is a genuine feature and there already are various securities and reduction in place. The company cleared that for a threat to the effort, victims require being persuaded to restrict Secure Mode and click through few immediate mentioning connected files and distant data.
Moreover, Microsoft stated Office users can facilitate precise registry keys that develop security, containing a key that restricts automatic data updates from associated fields. The technical giant has offered complete information on how automatic connection updates can be restricted in Excel, Outlook, Publisher, and Word by using exact registry keys.
However, restricting the feature could influence genuine functionality that influences DDE and users might require to physically update fields. The users are secured against DDE threats by the Attack Surface Reduction (ASR) justification involved in Windows Defender Exploit Guard in the case of Windows 10 Fall Creators Update. Meanwhile, malicious documents abusing DDE are normally delivered via email. Microsoft has recommended users to do with carefulness when opening doubtful attachments.
The recent report published on DDE threats comes from McAfee and it mentions a campaign released by the Russia-linked cyber surveillance group tracked as APT28 and Fancy Bear. The attackers used documents referencing the recent terrorist threat in New York and the Saber Guardian military practice to carry reconnaissance malware.
