Ticket Reference: T20171013.0012

Event Date: 2017-10-13

Severity Level: S3-Medium

Systems Impacted: Microsoft Office users

 

Overview

 

We would like to bring to your attention an issue with Microsoft Word and other Office applications that could be used to compromise a user’s computer. Microsoft Dynamic Data Exchange (DDE) is a feature which allows an Office application to load data from other Office applications, and recent discoveries have found that can be leveraged to run malicious code, without the need for macros.

 

If a document contains a malicious DDE element, the user may see the following warning prompts. Note that these prompts do not directly mention any security issues, and it is possible for a hacker to manipulate these dialog messages to obfuscate the warnings even more.

 

 

Recommendations

 

We recommend sending communication to end users to be vigilant when opening documents from unknown or untrusted sources, and to take any warning dialog message with extreme caution. All suspicious emails should be reported to 5thColumn Security Team immediately for further investigation. Anti-virus system and anti-malware systems will not normally detect these threats.

 

Contact

If you have any other questions or emergencies, please contact the 5thColumn Security Team at servicedesk@5thcolumn.net

 

References

https://www.bleepingcomputer.com/news/security/microsoft-office-attack-runs-malware-without-needing-macros/

https://thehackernews.com/2017/10/ms-office-dde-malware.html