-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
Securely opening Microsoft Office documents that contain
Dynamic Data Exchange (DDE) fields
9 November 2017
AusCERT Security Bulletin Summary
Product: Microsoft Office
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Member content until: Saturday, December 9 2017
Mitigation steps have been released by Microsoft, as an attacker could
leverage the DDE protocol in Microsoft Office and Microsoft Excel
documents to install malware.
The software and versions affected are:
Office 2016 
An attacker could leverage the DDE protocol by sending a specially
crafted file to the user and then convincing the user to open the
file, typically by way of an enticement in an email.
Malicious code and commands of the attacker's choosing are then able
to be run on the victim's computer.
There are news articles of this attack vector being used in the
Additionally, AusCERT has seen malware campaigns using this attack
vector in the wild.
Microsoft has released steps to mitigate the attack, but in applying
the mitigation some functionality of Microsoft Excel and Microsoft
Outlook may be affected. 
 Microsoft Security Advisory 4053440
 Nearly undetectable Microsoft Office exploit installs malware
without an email attachment
 APT28's latest Word doc attack eliminates needing to enable macros
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----