When the Qualys agent detects QID:110307 - "Microsoft Office Dynamic Data Exchange (DDE) Vulnerability (KB 4053440)", it lists several missing registry settings in HKCU. Since there are multiple user profiles/registry hives on the machine, which hive is Qualys looking at to determine the machine is vulnerable? I have tried adding the settings for my user account on a machine, but Qualys still shows it as vulnerable. Surely it is not scanning all the user profiles? If it is, this is a mess to remediate.
Here is a sample results section from one machine:
C:\Program Files (x86)\Microsoft Office\Office14\\EXCEL.exe found
HKCU\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Excel\Security WorkbookLinkWarnings is missing.
C:\Program Files (x86)\Microsoft Office\Office14\\outlook.exe found
HKCU\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Word\Options\WordMail DontUpdateLinks is missing.
C:\Program Files (x86)\Microsoft Office\Office14\\winword.exe found
HKCU\SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Word\Options DontUpdateLinks is missing.
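
An added example, not part of the original post and not Qualys code: a PowerShell audit that lists, for every user hive currently loaded under HKEY_USERS, whether the three values named in the results above exist. HKCU is only an alias for the hive of the account a process runs as, so this shows which hives carry the settings; it does not establish which hive the agent reads. The key paths and value names are copied from the sample output, and the report column names are this example's own.

```powershell
# Added example: per-hive presence check for the values listed in the
# QID 110307 results above. Key paths and value names come from that output.
$checks = @(
    @{ Key = 'SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Excel\Security';        Name = 'WorkbookLinkWarnings' },
    @{ Key = 'SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Word\Options\WordMail'; Name = 'DontUpdateLinks' },
    @{ Key = 'SOFTWARE\Wow6432Node\Microsoft\Office\14.0\Word\Options';          Name = 'DontUpdateLinks' }
)

# HKEY_USERS has one subkey per loaded hive, named by SID (plus .DEFAULT).
# The <SID>_Classes subkeys are per-user class registrations, not profiles.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notmatch '_Classes$' }

$report = foreach ($hive in $hives) {
    foreach ($c in $checks) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$($c.Key)"

        # Returns nothing if either the key or the named value is absent.
        $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Sid     = $hive.PSChildName
            Key     = $c.Key
            Value   = $c.Name
            Present = [bool]$item
            Data    = if ($item) { $item.($c.Name) } else { $null }
        }
    }
}

# One row per hive and setting; Present = False marks a hive still missing it.
$report | Sort-Object Sid, Key | Format-Table -AutoSize
```

Run it from an elevated prompt. Only hives that are currently loaded appear under HKEY_USERS, so profiles of users who are not logged on are not covered.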