Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Excel gets a variation of the Word DDE block settings

    Home Forums AskWoody blog Excel gets a variation of the Word DDE block settings

    This topic contains 5 replies, has 4 voices, and was last updated by  MrBrian 6 months, 1 week ago.

    • Author
      Posts
    • #158449 Reply

      woody
      Da Boss

      They come along for the ride with this month’s Excel security patches — but Microsoft didn’t bother to document any of it, outside of an addendum to
      [See the full post at: Excel gets a variation of the Word DDE block settings]

      2 users thanked author for this post.
    • #158459 Reply

      anonymous

      Increasingly, it seems that security vulnerabilities are being addressed through disabling the functionality an exploit might utilize for an attack. Perhaps I am overstating the case but the cyberattack hysteria we are all living with is inevitably reducing the throughput and functional features of our systems/software. The move by MS to cumulative rollups leaves us with the quandary to accept the downsides or stop patching entirely. I am starting to wonder if and when it will be time to step off this train.

      2 users thanked author for this post.
      • #158598 Reply

        EstherD
        AskWoody Lounger

        Mostly agree with you, EXCEPT that much of this functionality should NEVER have been enabled by default in the first place.

        Those who really want and need some particular functionality would soon figure out how to enable it. The rest of us would NEVER have to deal with it, and naive users would never, EVER, be put at risk by security flaws in a feature they didn’t even know existed!

        2 users thanked author for this post.
    • #158624 Reply

      MrBrian
      AskWoody MVP

      “All of this came as quite a surprise to me because Microsoft didn’t bother to document any of it in this month’s security bulletins. Instead, the description has been added to last year’s Security Advisory 170021.”

      Microsoft can send you email notifications for things like this. See Microsoft Technical Security Notifications. An alternative source: http://seclists.org/microsoft/. For example, this was the notification that Microsoft sent about the change in the security advisory mentioned above.

      1 user thanked author for this post.
    • #160021 Reply

      MrBrian
      AskWoody MVP
    • #163815 Reply

      MrBrian
      AskWoody MVP

      From Reviving DDE: Using OneNote and Excel for Code Execution: “TL;DR: You can achieve DDE execution with Excel SpreadSheets embedded within OneNote. This bypasses the original Excel mitigation ruleset (Microsoft has released a patch to properly mitigate this) as well as the Protected View sandbox”

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Excel gets a variation of the Word DDE block settings

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.