Disable DDEAUTO for Microsoft Word, Excel, Outlook, versions 2010, 2013, 2016 Appears to block known DDE attacks.https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b …
-
Show this thread
-
Replying to @wdormann
Did you test the Excel keys? I’ve not found them in the documentation.
1 reply 0 retweets 0 likes -
Replying to @wesdrone
Yes, I tested each. Documentation is sparse. I wanted to include Office 2007, but there isn't a discrete reg value for the pref change.
1 reply 0 retweets 0 likes -
Replying to @wdormann
Thanks I tested Word and Outlook but not Excel. How did you make a Excel PoC doc?
1 reply 0 retweets 0 likes -
Replying to @wesdrone
See: http://georgemauer.net/2017/10/07/csv-injection.html … The underlying mechanism is the same (DDE)
3 replies 0 retweets 4 likes -
Replying to @wdormann
Taking a look at a lot of Excel settings. Did you also set HKCU\Software\Microsoft\office\16.0\Excel\Security\WorkbookLinkWarnings?
1 reply 0 retweets 0 likes
I have not. Based on the wording, I suspect it'd still prompt the user. I'm also on vacation this week, so I might not verify soon.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.