I first wrote about the Word {DDEAUTO} field and its weird ways in “Hacker’s Guide to Word for Windows.” Yes, that was 23 years ago. {DDEAUTO} precede
[See the full post at: Microsoft releases a Security Advisory about the DDEAUTO fandango]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Microsoft releases a Security Advisory about the DDEAUTO fandango
- This topic has 12 replies, 9 voices, and was last updated 7 years, 6 months ago.
AuthorViewing 4 reply threadsAuthor-
It would seem that I have a version of Office that isn’t covered by this security advisory.
Office Starter v14 (Excel & Word only)
See image 01 of my image gallery.
https://imgur.com/a/JftRQImage 02 shows that the trust center settings are missing.
Image 03 shows that the registry key is also missing.
A few days ago I had unchecked the box in options that says “update automatic links at open.” However, it’s still a bit unclear methinks.
This leads me to believe that the starter version of office is either not affected or could still be vulnerable due to the lack of security settings.
Maybe DDEAUTO only applies to enterprise or some other version that is not for home, scratches head.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
1 user thanked author for this post.
-
Word Starter 2010 doesn’t support many of the fields that are in the “real” Word.
See https://support.office.com/en-us/article/Word-features-that-are-not-fully-supported-in-Word-Starter-8467554a-e9d6-4404-a599-f036b29deed8 for details.
It isn’t clear to me if this means {DDEAUTO} fields in existing documents will fire when opened in Word Starter.
1 user thanked author for this post.
-
I disabled DDEAUTO in Word, on both my work and home machines, by following Martin Brinkmann’s steps. There were no apparent ill effects.
I did disable DDEAUTO in Excel, but I re-enabled it right after I discovered that you can’t launch Excel files from Windows Explorer without this turned on.
1 user thanked author for this post.
-
I did disable DDEAUTO in Excel, but I re-enabled it right after I discovered that you can’t launch Excel files from Windows Explorer without this turned on.
I’ve found that you CAN do that IF you also reconfigure the command lines that start Excel as a result of double-clicking a .xls file in Explorer. For me, with Office 2010, this also restores the ability to have spreadsheets in totally separate windows – i.e., just like in the good ol’ days when Windows really did windows. For me, with multiple monitors, I find this a necessity.
Windows Update reverts this functionality, though, whenever an Office update is applied, so I reapply the following registry file every time after an update. Note that I strongly recommend researching and UNDERSTANDING what this does before applying it. Note that this is specific to Office 2010!
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Excel.CSV\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Excel.CSV\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [-HKEY_CLASSES_ROOT\Excel.CSV\shell\Open\ddeexec] [HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [-HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\ddeexec] [HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [-HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open\ddeexec] [HKEY_CLASSES_ROOT\Excel.OpenDocumentSpreadsheet.12\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Word.Document.8\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Word.Document.12\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" "command"=-
-Noel
5 users thanked author for this post.
-
Thanks for the information Noel. But I’m running Office 2013 and either way your approach is more bother than I want to deal with.
Since I normally have libraries disabled, I already feel like I’m playing Russian roulette every time I install a Windows roll-up.
1 user thanked author for this post.
-
Heavy Excel users might want to note the following.
I am not sure if it applies to your solution Noel, but when I do open documents in Excel 2010 in separate Windows, copy-past behaves differently and is quite annoying. I have to paste as csv or else I get something that looks more like a picture than a bunch of data. The way I open Excel files in different windows is open one file by double-clicking on it, open Excel (blank), open the second file through the open menu in the newly opened Excel blank file.
For this reason, I only open Excel files in different windows when I really need a side-by-side comparison of both files.
1 user thanked author for this post.
-
For me, with Office 2010, this also restores the ability to have spreadsheets in totally separate windows – i.e., just like in the good ol’ days when Windows really did windows. For me, with multiple monitors, I find this a necessity.
Excel 2016 restores the ability to open spreadsheets in two separate windows. The only caveat is that if your Excel window is maximized, the second spreadsheet will open on top of the first spreadsheet. But the windows aren’t fused together like they are in Excel 2010; you can easily separate them simply by moving one of them to another monitor.
This was my only complaint about Excel 2010.
Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server1 user thanked author for this post.
-
-
In my opinion you ought to go to Defcon 1, as 1709 is still a BSOD-generator three weeks after roll-out. I have an external USB “legacy” (MBR) drive that I keep in order to have a “master” external for use in troubleshooting systems while on-the-go.
I updated this drive on Nov. 7 after it had been sitting on a shelf for a month (so this was not a case of “old” launch-day updates sitting pending for weeks), and immediately noticed that it would no longer boot some systems (such as an HP Envy laptop) while having no issues with others (an HP Pavilion mini-tower of the same vintage). Weirdly, a clone of the drive to the laptop’s internal drive resulted in the OS working, but it refuses to boot externally. (This is not a drive or cabling issue.)
Interestingly, 1703 did not appear to be problematic, as least insofar as external booting went.
Edit to remove HTML
1 user thanked author for this post.
-
Good stuff!
It’s going to be quite an eye-opener for a lot of people.
1 user thanked author for this post.
Viewing 4 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Xfinity home internet
by 2 hours, 2 minutes ago
-
Convert PowerPoint presentation to Impress
by 36 minutes ago
-
Debian 12.11 released
by 9 hours, 2 minutes ago
-
Microsoft: Troubleshoot problems updating Windows
by 12 hours, 44 minutes ago
-
Woman Files for Divorce After ChatGPT “Reads” Husband’s Coffee Cup
by 10 hours, 13 minutes ago
-
Moving fwd, Win 11 Pro,, which is best? Lenovo refurb
by 9 hours, 12 minutes ago
-
DBOS Advanced Network Analysis
by 1 day, 5 hours ago
-
Microsoft Edge Launching Automatically?
by 20 hours, 4 minutes ago
-
Google Chrome to block admin-level browser launches for better security
by 1 day, 8 hours ago
-
iPhone SE2 Stolen Device Protection
by 1 day ago
-
Some advice for managing my wireless internet gateway
by 8 hours, 8 minutes ago
-
NO POWER IN KEYBOARD OR MOUSE
by 59 minutes ago
-
A CVE-MITRE-CISA-CNA Extravaganza
by 1 day, 17 hours ago
-
Sometimes I wonder about these bots
by 1 day, 14 hours ago
-
Does windows update component store “self heal”?
by 1 day, 4 hours ago
-
Windows 11 Insider Preview build 27858 released to Canary
by 2 days, 7 hours ago
-
Pwn2Own Berlin 2025: Day One Results
by 15 hours, 43 minutes ago
-
Windows 10 might repeatedly display the BitLocker recovery screen at startup
by 4 hours, 21 minutes ago
-
Windows 11 Insider Preview Build 22631.5409 (23H2) released to Release Preview
by 2 days, 10 hours ago
-
Windows 10 Build 19045.5912 (22H2) to Release Preview Channel
by 2 days, 10 hours ago
-
Kevin Beaumont on Microsoft Recall
by 1 day, 23 hours ago
-
The Surface Laptop Studio 2 is no longer being manufactured
by 2 days, 18 hours ago
-
0Patch, where to begin
by 2 days, 12 hours ago
-
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
by 3 days, 8 hours ago
-
89 million Steam account details just got leaked,
by 2 days, 20 hours ago
-
KB5058405: Linux – Windows dual boot SBAT bug, resolved with May 2025 update
by 3 days, 16 hours ago
-
A Validation (were one needed) of Prudent Patching
by 3 days, 7 hours ago
-
Master Patch Listing for May 13, 2025
by 9 hours, 57 minutes ago
-
Installer program can’t read my registry
by 1 hour, 51 minutes ago
-
How to keep Outlook (new) in off position for Windows 11
by 3 days, 5 hours ago
Remembering Woody
