Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

PARTNER SECURITY ADVISORY (Microsoft): Mitigating Dynamic Data Exchange (DDE) Attacks

    • Updated:
    • 14 Nov 2017
    • Product/Version:
    • Deep Discovery Analyzer All.All
    • Deep Discovery Email Inspector All.All
    • Deep Discovery Inspector All.All
    • Deep Security All.All
    • Deep Security as a Service All.All
    • InterScan Messaging Security Virtual Appliance All.All
    • InterScan Web Security Virtual Appliance All.All
    • OfficeScan All.All
    • ScanMail for Exchange All.All
    • ScanMail for IBM Domino All.All
    • Vulnerability Protection All.All
    • Platform:
    • Windows 10
    • Windows 2016
Summary
Microsoft has released Security Advisory 4053440 that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. 
Exploitation of this protocol may allow an attacker to take control of an affected system.
Details
Public

Overview

Microsoft released the security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields.  
According to Microsoft, a potential email attack scenario could look like the following:  
"...an attacker could leverage the DDE protocol by sending a specially crafted file to the user and then convincing the user to open the file, typically by way of an enticement in an email. The attacker would have to convince the user to disable Protected Mode and click through one or more additional prompts. As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments."
Customers are encouraged to review both the Microsoft Security Advisory, as well as US-CERT Security Tip ST04-010Using Caution with Email Attachments to learn more about these threats in general as well as for information on how to proactively guard against attacks.

Trend Micro Protection

In addition to the information listed above, several Trend Micro products with the latest version (10.300) of our Advanced Threat Scan Engine (ATSE) provide comprehensive protection against threats that utilize the DDE attack methods mentioned above.  The latest versions of the following Trend Micro products  can update to the version of ATSE mentioned above:
  • Deep Discovery Inspector (DDI)
  • Deep Discovery Email Inspector (DDEI)
  • Deep Discovery Analyzer (DDAn)
  • InterScan Messaging Security Virtual Appliance
  • InterScan Web Security Virtual Appliance
  • ScanMail for IBM Domino 
Trend Micro is currently updating other products which utlize ATSE with the latest version in the coming days.
Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1118789
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.