McAfee Labs has released a new Threat Advisory for W97M/Macroless - Dynamic Data Exchange (DDE Attack Exploit).
Overview
This threat advisory contains information about the exploit currently being used in the wild for the MS Office DDE feature. DDE stands for Dynamic Data Exchange and is a feature that allow Office applications to talk to each other and exchange data. Malicious actors are using this feature to execute external applications without use of a macro. This exploit is currently being used in the wild to execute Powershell in order to download more malware.
For details, see Knowledge Base document PD27325 at https://kc.mcafee.com/corporate/index?page=content&id=PD27325
Overview
This threat advisory contains information about the exploit currently being used in the wild for the MS Office DDE feature. DDE stands for Dynamic Data Exchange and is a feature that allow Office applications to talk to each other and exchange data. Malicious actors are using this feature to execute external applications without use of a macro. This exploit is currently being used in the wild to execute Powershell in order to download more malware.
For details, see Knowledge Base document PD27325 at https://kc.mcafee.com/corporate/index?page=content&id=PD27325