Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

DooKey

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,561
There's a newly discovered unpatched attack method out there that exploits a built-in feature of Microsoft Office. Apparently it is currently being used in various widespread malware attack campaigns. This new method uses DDE and doesn't require a macro to work. The way to protect yourself is to disable "update automatic links at Open" option, or better yet, don't open a document that you aren't sure of.

The DDE exploitation technique displays no "security" warnings to victims, except asking them if they want to execute the application specified in the command—although this popup alert could also be eliminated "with proper syntax modification."
 
This is far worse than the "KRACK" exploit that was found earlier this week. While krack sounds far scarier this will undoubtedly do more damage and affect far more "average joes".
 
U-238 said:
This is far worse than the "KRACK" exploit that was found earlier this week. While krack sounds far scarier this will undoubtedly do more damage and affect far more "average joes".
Click to expand...

You still need to download the document, and still need to open it on your machine just like any other trojan. What makes more people worried about KRACK is there is no user interaction required for the exploit, even if it's far more unlikely they'll be targeted. There's no reason to be truly worried about either, it's the same steps as always. Tell everyone that's less than computer literate to not open attachments, and not open mail from people they don't know, like we have to do with every other round of phishing.
 
Oniigumo said:
You still need to download the document, and still need to open it on your machine just like any other trojan. What makes more people worried about KRACK is there is no user interaction required for the exploit, even if it's far more unlikely they'll be targeted. There's no reason to be truly worried about either, it's the same steps as always. Tell everyone that's less than computer literate to not open attachments, and not open mail from people they don't know, like we have to do with every other round of phishing.
Click to expand...

I'm sure there'll be some weakness in Outlook that will download and automatically open the attachment with minimal user interaction.
 
BulletDust said:
I'm sure there'll be some weakness in Outlook that will download and automatically open the attachment with minimal user interaction.
Click to expand...
The exploit is known and has been left unpatched for years. The email just has to be similar to this and it'll just "magically open".. the users will tell you so.
Code: 
From: [email protected]
To: [email protected]
Subject: Updated list of company salaries
Attachment: "NotReallySalaries.doc"

Hi,
You'll find the compiled list of salaries for raise evaluation attached.

Thanks,
Not-Betty-From-HR
 
Jim Kim said:
And we all know how well that works. ;)
Click to expand...
It works perfectly fine, but people have problems following simple instructions. It's practically all you can do to help, you can't help people from themselves. It was what helped Blaster, and this sure as hell isn't going to be on the same scale as that.
 
jedijeb13 said:
I wonder if Libre Office is vulnerable to this?
Click to expand...

No different software.

Open software will always be far more secure. The code is open and has many eyes on it, when someone spots an issue and reports... someone fixes it. Of course things slip through... but in general the number major security issues that have lived in live Libre code over the years have been small and short lived, with a couple exceptions that required very specific software setups to exploit. In general most OSS software has vulnerabilities both discovered more often and fixed in general faster. Of course updates still need to be applied... If your stuck on a MS OS its always wise to be checking you have the latest versions of things like Libre ect.

https://www.libreoffice.org/about-us/security/advisories/

https://www.cvedetails.com/vulnerab...product_id-21008/Libreoffice-Libreoffice.html
 
You must log in or register to reply here.
Back
Top