123 matches found
December Patch Tuesday: Quiet End to the Year
This December Patch Tuesday is considerably lighter than last month’s patch releases. While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based. Overall, this month's updates address are fixes for 3...
Microsoft Patch Tuesday - December 2017
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities...
Microsoft Office Defense in Depth Update
Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Data Exchange protocol DDE in all supported editions of Microsoft Word. Microsoft is continuing to investigate this issue and will update this...
Microsoft Office DDE Payload Delivery
This module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
DDEtect - Simple DDE Object Detector
Written by Amit Serper, @0xAmit DDEtector is a simple DDE object detector written in python Currently supports only word DOCX and legacy DOC files Prints the contents of the DDE payloads Note: In some cases DDEtect won't print the entire DDE payload. I'm working on writing a better matching...
Microsoft Excel 'Dynamic Data Exchange (DDE)' Attacks Security Advisory (4053440)
This host is missing an important security update according to Microsoft Security Advisory 4053440. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Microsoft Outlook 'Dynamic Data Exchange (DDE)' Attacks Security Advisory (4053440)
This host is missing an important security update according to Microsoft Security Advisory 4053440. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Microsoft Publisher 'Dynamic Data Exchange (DDE)' Attacks Security Advisory (4053440)
This host is missing an important security update according to Microsoft Security Advisory 4053440. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Microsoft Provides Guidance on Mitigating DDE Attacks
Despite a rash of attacks leveraging Dynamic Data Exchange fields in Office, including some spreading destructive ransomware, Microsoft has remained insistent that DDE is a product feature and won’t address it as a vulnerability. Microsoft on Wednesday did, however, put some guidance in admins’...
Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange DDE fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Microsoft...
Russian 'Fancy Bear' Hackers Using (Unpatched) Microsoft Office DDE Exploit
Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of...
X (Formerly Twitter): OS Command Execution on User's PC via CSV Injection
Summary: Twitter is vulnerable to CSV Injection. If an attacker can successfully exploit this, then they will compromise the PC of the user. The injection point is via a tweet on the main twitter.com site while the retrieval point is via the “Export Data” option on the analytics site. Description...
A week in security (October 16 – October 22)
Last week was an eventful one in security, keeping our research and intel teams on their toes. Multiple security researchers homed in on suspicious and malicious apps on Google Play, affecting thousands of Android users. A new variant of Mac malware Proton was also found in the wild, this time...
Necurs-Based DDE Attacks Now Spreading Locky Ransomware
Microsoft may soon have to reflect on its stance that the use of an Office feature called DDE to execute code on compromised computers doesn’t merit a patch. The SANS Internet Storm Center last night said the Necurs botnet has been spreading Locky ransomware using the DDE attack. Handler Brad...
Microsoft Office DDE Remote Code Execution
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the DDE feature that allows an Office application to load data from other Office applications. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted ema...
Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks
A newly discovered unpatched attacking method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns. Last week we reported how hackers could leveraging an old Microsoft Office feature called Dynamic Data Exchange DDE, to perfor...
Old MS Office feature weaponized in malspam attacks
There have been a lot of talks recently following a write up and proof of concept about a Microsoft Office feature that can be misused and weaponized by malicious actors. The protocol, known as Dynamic Data Exchange.aspx DDE, has actually been around for a long time, and allows applications to...
Legacy Office Feature Used In Novel Document Attacks
Recent document-based attacks have leveraged malicious macros that if enabled install malware. But, researchers at SensePost have developed a proof-of-concept attack that does not require macros and instead uses an old Microsoft Office feature called Dynamic Data Exchange to execute code on...
MS Office Built-in Feature Allows Malware Execution Without Macros Enabled
Since new forms of cybercrime are on the rise, traditional techniques seem to be shifting towards more clandestine that involve the exploitation of standard system tools and protocols, which are not always monitored. Security researchers at Cisco's Talos threat research group have discovered one...
Macro-less Code Exec in MSWord
Authors: Etienne Stalmans, Saif El-Sherei What if we told you that there is a way to get command execution on MSWord without any Macros, or memory corruption?! Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange DDE protocol...