
Microsoft Office Dynamic Data Exchange (DDE) Vulnerability (KB 4053440)

Question asked by adamc on Feb 15, 2018
Latest reply on Feb 20, 2018 by adamc

Is anyone remediating this vulnerability without disabling it entirely?

Qualys references KB4053440 which details disabling DDE across Excel and Word for all users.


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170021 details several remediation/mitigation options: 

If you need to change DDE functionality in Word after installing the update, follow these steps:

  1. In the Registry Editor navigate to \HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Word\Security, value AllowDDE (DWORD)
  2. Set the DWORD value based on your requirements as follows:
  • AllowDDE(DWORD) = 0: To disable DDE. This is the default setting after you install the update.
  • AllowDDE(DWORD) = 1: To allow DDE requests to an already running program, but prevent DDE requests that require another executable program to be launched.
  • AllowDDE(DWORD) = 2: To fully allow DDE requests.

**Update:** On 1/9/2018, Microsoft released an update for Microsoft Office that adds defense-in-depth configuration options to selectively disable the DDE protocol in all supported editions of Microsoft Excel.

If you need to change DDE functionality in Excel after installing the update, follow these steps:

  1. In the Registry Editor navigate to \HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Excel\Security, value DisableDDEServerLaunch (DWORD)
  2. Set the DWORD value based on your requirements as follows:
  • DisableDDEServerLaunch = 0: Keep DDE server launch settings unchanged from their initial behavior. This is the default setting after you install the update.
  • DisableDDEServerLaunch = 1: Do not display the dialog that allows users to choose whether to launch a specific DDE server. Instead, behave automatically as though the user chose the default choice of NO.
  1. In the Registry Editor navigate to \HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Excel\Security, value DisableDDEServerLookup (DWORD)
  2. Set the DWORD value based on your requirements as follows:
  • DisableDDEServerLookup = 0: Keep DDE server lookup settings unchanged from their initial behavior. This is the default setting after you install the update.
  • DisableDDEServerLookup = 1: Disable querying for DDE Server availability – no query attempt will be made to find DDE servers.
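As an added example, not part of the original post or of Microsoft's advisory, the following PowerShell script audits (and, with -Apply, sets) the three per-user values listed above for every Office version key present under HKCU. It assumes the registry layout from ADV170021 (a Security subkey under Word and Excel for each version); the parameter names, the report format and the default of AllowDDE = 1 (the "already running program only" middle option, which is the partial remediation the question asks about) are the script's own choices, not something the advisory prescribes.

```powershell
# Added example (not from the original post or from Microsoft): audit/remediate the
# DDE registry values from ADV170021 for the current user.
# Assumptions: HKCU:\Software\Microsoft\Office\<version>\{Word,Excel}\Security layout;
# version subkeys look like "16.0". Run as the user whose profile should change.
param(
    [ValidateSet(0,1,2)][int]$AllowDDE = 1,              # Word: 0 disable, 1 running servers only, 2 fully allow
    [ValidateSet(0,1)][int]$DisableDDEServerLaunch = 1,  # Excel: 1 = never prompt to launch a DDE server (act as "No")
    [ValidateSet(0,1)][int]$DisableDDEServerLookup = 1,  # Excel: 1 = never query for DDE server availability
    [switch]$Apply                                       # without -Apply the script only reports
)

$officeRoot = 'HKCU:\Software\Microsoft\Office'

# Office stores per-version settings under numeric subkeys (e.g. 15.0, 16.0); pick those up
# rather than hard-coding a version so the script covers every installed release.
$versions = Get-ChildItem -Path $officeRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

if (-not $versions) {
    Write-Warning "No Office version keys found under $officeRoot"
    return
}

# Desired state per application/value name, using the value names from the advisory.
$desired = @(
    @{ App = 'Word';  Name = 'AllowDDE';               Value = $AllowDDE }
    @{ App = 'Excel'; Name = 'DisableDDEServerLaunch'; Value = $DisableDDEServerLaunch }
    @{ App = 'Excel'; Name = 'DisableDDEServerLookup'; Value = $DisableDDEServerLookup }
)

$report = foreach ($v in $versions) {
    foreach ($d in $desired) {
        $keyPath = "$officeRoot\$($v.PSChildName)\$($d.App)\Security"
        $current = $null
        if (Test-Path $keyPath) {
            # Get-ItemProperty returns $null for the property when the value does not exist.
            $current = (Get-ItemProperty -Path $keyPath -Name $d.Name -ErrorAction SilentlyContinue).($d.Name)
        }
        $compliant = ($null -ne $current) -and ([int]$current -eq $d.Value)

        if ($Apply -and -not $compliant) {
            # Create the Security key if the application has never written it, then set the DWORD.
            if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
            New-ItemProperty -Path $keyPath -Name $d.Name -PropertyType DWord -Value $d.Value -Force | Out-Null
            $current   = $d.Value
            $compliant = $true
        }

        [pscustomobject]@{
            Version   = $v.PSChildName
            App       = $d.App
            Name      = $d.Name
            # A missing value means the post-update default applies (AllowDDE: DDE disabled;
            # Excel values: behaviour unchanged), so show that explicitly in the report.
            Current   = if ($null -eq $current) { '(missing: update default)' } else { [int]$current }
            Desired   = $d.Value
            Compliant = $compliant
        }
    }
}

$report | Format-Table -AutoSize
```

Run it without switches first to see the current state for each installed Office version; rerun with -Apply to write the values. Because the keys live under HKEY_CURRENT_USER, rolling this out fleet-wide means running it in the user context (logon script or Group Policy Preferences) rather than once per machine.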
