Tricking users into opening booby-trapped Microsoft Office documents is one of the most popular ways for attackers to deliver malware, but up till now the approach has primarily relied on getting those users to enable macros.The feature, called Microsoft Dynamic Data Exchange (DDE), allows Office programs to load data from other Office programs (ex: a user can use DDE to ensure a table in a Word doc gets automatically updated with data from an Excel file).(and why they won't be going away anytime soon) DDE is actually an older feature that has since been superseded by Microsoft's Object Linking and Embedding (OLE) toolkit, but it continues to be supported by all Office programs.What makes DDE especially problematic from a security perspective is that, like OLE and macros, Microsoft considers it a legitimate feature that attackers have unfortunately found a creative way of abusing.Open the registry by pressing the keyboard shortcut – Windows key R. However, the automatic fix also works for other language versions of Windows.Enter regedit into the Run menu, press Enter, and confirm with Yes. Some users who have already used Easy Fix, have observed that while the “Get The New Office” prompt stops appearing, however the “Updates Available” prompt now appears frequently but doesn’t actually install any Office 2013 updates.
After selecting "Yes," under normal circumstances the user is presented with a second prompt explaining that there is an error and asking them to confirm they want to start To open the Registry Editor, type regedit and click OK.Navigate to the following key: In the right pane of the registry editor, double-click Updates Blocked Time. In the Value data field, change the existing value to 0, and then click OK. Using Group Policy This option can be used by Office 365 Pro Plus and Business users.Although the new Microsoft Office 2016 carries improvements over the previous Office versions, you may still not want to upgrade it.Users of Office 365, who are using earlier versions of Microsoft Office desktop software are seeing this popup notification add on their computers that recommends an upgrade to Office 2016 – GET THE NEW OFFICE, It’s one of the perks of having Office 365.For instance, every time you open an Office program like say, Word, a notification in a yellow message bar on top of the window says “Get the new Office” along with “See what’s new” and “Update Office“.If you click on “Update Office” accidentally, the Office 2013 installation will be upgraded to Office 2016.Unfortunately, this second prompt can reportedly be edited or even disabled by attackers, making it even easier for the attack to slip by.To show what the attack actually looks like in action, we created a Word doc disguised as a "Weekly Revenue Report" with custom DDE field code instructing it to launch All that means DDE attacks are likely here to stay, at least for the immediate future.As always, users should be reminded to be suspicious of Office files they receive in unexpected emails, and they should be alerted to be especiously wary of the two warning prompts mentioned above.