Interesting via @MyYiff and others - .iqy files (that open in Microsoft Excel), trigger DDE exploit. Mass spamming right now. Bypass mail gateways it appears. https://www.virustotal.com/en/file/a0b80b57879ef437709bae7e2896efb7be9bd57291e64bc58d7cd13bd1de9f27/analysis/ …
-
Show this thread
-
Replying to @GossiTheDog @MyYiff
It's unfortunate that the blocking of DDE in Word (possible since Dec. 2017) and Excel (possible since Jan 2018) is not enabled by default. I wonder how many organizations actually have made these registry changes to enable the protection? https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170021 …
2 replies 3 retweets 12 likes -
Wait... I thought installing those updates killed DDE unless you made changes to the registry to re-enable it??
2 replies 0 retweets 0 likes -
The wording is confusing. So far I've only tested Excel 2016 on Windows 7, patched as of May. The DDE-blocking registry value wasn't present by default. Only after setting it manually did it prevent my CSV from launching calc.exe.
1 reply 0 retweets 1 like -
Ok, so that's consistent with it being allowed by default in Excel by not in Word, post-updates. I must have misread that advisory when it was updated. But...I need to dig into exactly what MS is doing here.
1 reply 0 retweets 0 likes -
So yeah, that's it: the Dec. update blocks it in Word, but the Jan. Excel update just gives you more blocking options should you so choose. (Fortunately, just realized I was using the old Excel reg settings to block anyway.) Office security can never, ever be simple, can it?
1 reply 0 retweets 1 like
That matches my testing. Since December, it looks like Word blocks DDE by default. Since January, Excel gives you the *option* to block DDE. But will not do so without manual intervention via registry changes.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.