Cybercriminals exploiting Microsoft’s vulnerable Dynamic Data Exchange (DDE) protocol

By FortiGuard SE Team

Visa Payment Systems Intelligence recently announced that cybercriminals are threatening the payments ecosystem by leveraging a vulnerable Microsoft Dynamic Data Exchange protocol in phishing campaigns. This phishing attack relies on the Dynamic Data Exchange (DDE) protocol for infection instead of the usual malicious macros or an exploit kit.

This exploit is related to Microsoft Security Advisory 4053440, issued on November 8, 2017, which provides guidance on securing Microsoft applications when processing Dynamic Data Exchange (DDE) fields. The DDE protocol enables messages and shared data to be sent between Microsoft applications. According to the advisory, malicious cyber actors could leverage the DDE protocol when delivering specially crafted files to users through phishing and web-based downloads.

Microsoft’s security advisory 4053440 covers zero-day attacks that were reported and patched in CVE-2017-8759, CVE-2017-11292, and CVE-2017-11826.

FortiGuard Labs has issued three IPS signatures that defend our customers against these attacks:

Additionally, our FortiClient agent successfully defends against these attacks with the following application protection signatures:

As always, the FortiGuard Labs team recommends that, in addition to employing the protections provided by our security solutions, customers actively patch or replace vulnerable systems. We also strongly recommend that users exercise caution when opening suspicious files.

(From Fortinet blog).

