Summary
Microsoft has released Security Advisory 4053440 that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications.
Exploitation of this protocol may allow an attacker to take control of an affected system.
Details
Overview
Microsoft released the security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are properly secured when processing Dynamic Data Exchange (DDE) fields.
According to Microsoft, a potential email attack scenario could look like the following:
"...an attacker could leverage the DDE protocol by sending a specially crafted file to the user and then convincing the user to open the file, typically by way of an enticement in an email. The attacker would have to convince the user to disable Protected Mode and click through one or more additional prompts. As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments."
Customers are encouraged to review both the Microsoft Security Advisory and US-CERT Security Tip ST04-010: Using Caution with Email Attachments to learn more about these threats in general and how to proactively guard against attacks.
Trend Micro Protection
In addition to the information listed above, several Trend Micro products with the latest version (10.300) of our Advanced Threat Scan Engine (ATSE) provide comprehensive protection against threats that utilize the DDE attack methods mentioned above. The latest versions of the following Trend Micro products can update to the version of ATSE mentioned above:
- Deep Discovery Inspector (DDI)
- Deep Discovery Email Inspector (DDEI)
- Deep Discovery Analyzer (DDAn)
- InterScan Messaging Security Virtual Appliance
- InterScan Web Security Virtual Appliance
- ScanMail for IBM Domino
Trend Micro will update other products that utilize ATSE to the latest version in the coming days.