You might recall that Microsoft disabled automated Dynamic Knowledge Trade (DDE) in Phrase again in December. I wrote about the issue and its answer in “Place of job as a malware supply platform: DDE, Scriptlets, Macro obfuscation.” Microsoft stopped automated DDE, the box in Phrase, whilst putting in sure registry entries that may melt that call.
This month, I used to be shocked to find Microsoft has made a more or less analogous alternate in Excel. Making use of this month’s Excel safety patches doesn’t alternate the DDE server release and DDE server look up settings, but it surely does give admins the facility to stifle either one of the consumer activates related to DDE get right of entry to.
For instance, in case your workbook comprises a DDEInitiate command, sooner than the DDE connection will get established, by means of default the consumer sees a steered like the only within the screenshot.
Excel’s habits with DDE is reasonably other from Phrase’s, so those new settings and their meanings are other. Excel has lengthy had 3 settings that restrict DDE constructed into the product itself:
- The Replace hyperlinks to different paperwork choice within the Complex phase of the Excel Choices conversation field.
- The startup steered for the workbook can also be set to Do not show the alert and do not replace automated hyperlinks.
- Recommended consumer about Knowledge Connections or Disable automated replace of workbook hyperlinks choice within the Exterior Content material phase of the Consider Middle.
This month’s 4 Excel safety patches — KB 4011602 for Excel 2007, KB 4011660 for Excel 2010, KB 4011639 for Excel 2013 and KB 4011627 for Excel 2016 — each and every upload two new registry entries. One of the most new registry settings instructs Excel to skip the DDEInitiate conversation field (according to the screenshot) and act as though the consumer clicked “No.” The opposite tells Excel to forget about DDE requests coming from in other places at the gadget.
All of this got here as reasonably a wonder to me as a result of Microsoft didn’t hassle to file any of it on this month’s safety announcements. As an alternative, the outline has been added to closing yr’s Safety Advisory 170021.
In case you’re involved in blocking off probably spurious DDE requests in Excel, have a look at Safety Advisory 170021.
Thx, @MrBrian on AskWoody.
Place of job patches curdling your mind? Sign up for us for treatment at the AskWoody Living room.