DDE or Dynamic Data Exchange is a protocol that establishes how application interact and send messages to share data through shared memory. The bad guys unfortunately were leveraging a loophole to exploit this by using a booby-trapped document. Mostly the attack relay a lot on email as a delivery method to infect a remote user. This is what Microsoft said: “In an email attack scenario, an attacker could leverage the DDE protocol by sending a specially crafted file to the user and then convincing the user to open the file, typically by way of an enticement in an email.
Microsoft has released a security advisory, so make sure you follow that. The guidance is here but as always be carefully on opening email attachments that you are not sure of their origin. this might seem an old advise you’ve heard hundred of times but it is very relevant today.
