No attachment needed for new Office security bug



There’s a new Office security bug that can be exploited with just an email or calendar invite as well as the more common infected Office document.

The new Office exploit uses the long-standing DDE system which allows Office documents to ‘talk’ to each other.  Until told otherwise, best to assume that all versions of Office are affected because DDE has been a core part of Office for over two decades.

Microsoft, as usual, hasn’t commented.  Customers can only hope the company is working on a fix.

Sophos first reported the DDE exploit arriving via Office documents.

Later, someone figured out that the same exploit could be delivered via an email or calendar invite.  That’s important because the email or invite version is triggered automatically.  Users don’t have to open a document.

The good news

Happily, some dialog boxes appear in Outlook which should raise a ‘red flag’ to any cautious Office user.

Clicking ‘No’ to either of these dialog boxes will disable the attack.


“This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?”
And then, something like this, but the commands/programs might differ.


“The remote data (k powershell -w hidden -NoP -NoExit -) is not accessible. Do you want to start the application C:\windows\system32\cmd.exe?”

Another safeguard would be to view all emails in plain text format.  We don’t recommend that because many modern emails would be almost unreadable in a text rendering.

Of course, all the major security software makers know about this exploit and should have added it to their detection systems.  As usual, make sure you have the latest update for Windows Defender and other AV software.
