I first wrote about the Word {DDEAUTO} field and its weird ways in “Hacker’s Guide to Word for Windows.” Yes, that was 23 years ago. {DDEAUTO} precede
[See the full post at: Microsoft releases a Security Advisory about the DDEAUTO fandango]
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Microsoft releases a Security Advisory about the DDEAUTO fandango
- This topic has 12 replies, 9 voices, and was last updated 7 years, 6 months ago.
AuthorViewing 4 reply threadsAuthor-
It would seem that I have a version of Office that isn’t covered by this security advisory.
Office Starter v14 (Excel & Word only)
See image 01 of my image gallery.
https://imgur.com/a/JftRQImage 02 shows that the trust center settings are missing.
Image 03 shows that the registry key is also missing.
A few days ago I had unchecked the box in options that says “update automatic links at open.” However, it’s still a bit unclear methinks.
This leads me to believe that the starter version of office is either not affected or could still be vulnerable due to the lack of security settings.
Maybe DDEAUTO only applies to enterprise or some other version that is not for home, scratches head.
Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler
1 user thanked author for this post.
-
Word Starter 2010 doesn’t support many of the fields that are in the “real” Word.
See https://support.office.com/en-us/article/Word-features-that-are-not-fully-supported-in-Word-Starter-8467554a-e9d6-4404-a599-f036b29deed8 for details.
It isn’t clear to me if this means {DDEAUTO} fields in existing documents will fire when opened in Word Starter.
1 user thanked author for this post.
-
-
I disabled DDEAUTO in Word, on both my work and home machines, by following Martin Brinkmann’s steps. There were no apparent ill effects.
I did disable DDEAUTO in Excel, but I re-enabled it right after I discovered that you can’t launch Excel files from Windows Explorer without this turned on.
1 user thanked author for this post.
-
I did disable DDEAUTO in Excel, but I re-enabled it right after I discovered that you can’t launch Excel files from Windows Explorer without this turned on.
I’ve found that you CAN do that IF you also reconfigure the command lines that start Excel as a result of double-clicking a .xls file in Explorer. For me, with Office 2010, this also restores the ability to have spreadsheets in totally separate windows – i.e., just like in the good ol’ days when Windows really did windows. For me, with multiple monitors, I find this a necessity.
Windows Update reverts this functionality, though, whenever an Office update is applied, so I reapply the following registry file every time after an update. Note that I strongly recommend researching and UNDERSTANDING what this does before applying it. Note that this is specific to Office 2010!
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Excel.CSV\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Excel.CSV\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [-HKEY_CLASSES_ROOT\Excel.CSV\shell\Open\ddeexec] [HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [-HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\ddeexec] [HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [-HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open\ddeexec] [HKEY_CLASSES_ROOT\Excel.OpenDocumentSpreadsheet.12\shell\Edit\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE\" /e \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Word.Document.8\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" "command"=- [HKEY_CLASSES_ROOT\Word.Document.12\shell\Open\command] @="\"C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" "command"=-
-Noel
5 users thanked author for this post.
-
Thanks for the information Noel. But I’m running Office 2013 and either way your approach is more bother than I want to deal with.
Since I normally have libraries disabled, I already feel like I’m playing Russian roulette every time I install a Windows roll-up.
1 user thanked author for this post.
-
Heavy Excel users might want to note the following.
I am not sure if it applies to your solution Noel, but when I do open documents in Excel 2010 in separate Windows, copy-past behaves differently and is quite annoying. I have to paste as csv or else I get something that looks more like a picture than a bunch of data. The way I open Excel files in different windows is open one file by double-clicking on it, open Excel (blank), open the second file through the open menu in the newly opened Excel blank file.
For this reason, I only open Excel files in different windows when I really need a side-by-side comparison of both files.
1 user thanked author for this post.
-
For me, with Office 2010, this also restores the ability to have spreadsheets in totally separate windows – i.e., just like in the good ol’ days when Windows really did windows. For me, with multiple monitors, I find this a necessity.
Excel 2016 restores the ability to open spreadsheets in two separate windows. The only caveat is that if your Excel window is maximized, the second spreadsheet will open on top of the first spreadsheet. But the windows aren’t fused together like they are in Excel 2010; you can easily separate them simply by moving one of them to another monitor.
This was my only complaint about Excel 2010.
Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server1 user thanked author for this post.
-
-
-
-
-
In my opinion you ought to go to Defcon 1, as 1709 is still a BSOD-generator three weeks after roll-out. I have an external USB “legacy” (MBR) drive that I keep in order to have a “master” external for use in troubleshooting systems while on-the-go.
I updated this drive on Nov. 7 after it had been sitting on a shelf for a month (so this was not a case of “old” launch-day updates sitting pending for weeks), and immediately noticed that it would no longer boot some systems (such as an HP Envy laptop) while having no issues with others (an HP Pavilion mini-tower of the same vintage). Weirdly, a clone of the drive to the laptop’s internal drive resulted in the OS working, but it refuses to boot externally. (This is not a drive or cabling issue.)
Interestingly, 1703 did not appear to be problematic, as least insofar as external booting went.
Edit to remove HTML
1 user thanked author for this post.
-
-
Good stuff!
It’s going to be quite an eye-opener for a lot of people.
1 user thanked author for this post.
-
Viewing 4 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Just got this pop-up page while browsing
by 23 minutes ago
-
KB5058379 / KB 5061768 Failures
by 8 hours, 38 minutes ago
-
Windows 10 23H2 Good to Update to ?
by 11 hours, 18 minutes ago
-
At last – installation of 24H2
by 12 hours, 2 minutes ago
-
MS-DEFCON 4: As good as it gets
by 1 hour, 39 minutes ago
-
RyTuneX optimize Windows 10/11 tool
by 1 day ago
-
Can I just update from Win11 22H2 to 23H2?
by 17 hours, 33 minutes ago
-
Limited account permission error related to Windows Update
by 1 day, 13 hours ago
-
Another test post
by 1 day, 13 hours ago
-
Connect to someone else computer
by 1 day, 8 hours ago
-
Limit on User names?
by 1 day, 11 hours ago
-
Choose the right apps for traveling
by 1 day, 1 hour ago
-
BitLocker rears its head
by 9 hours, 15 minutes ago
-
Who are you? (2025 edition)
by 8 hours, 11 minutes ago
-
AskWoody at the computer museum, round two
by 1 day, 3 hours ago
-
A smarter, simpler Firefox address bar
by 2 days ago
-
Woody
by 2 days, 9 hours ago
-
24H2 has suppressed my favoured spider
by 8 hours, 51 minutes ago
-
GeForce RTX 5060 in certain motherboards could experience blank screens
by 2 days, 23 hours ago
-
MS Office 365 Home on MAC
by 2 days, 17 hours ago
-
Google’s Veo3 video generator. Before you ask: yes, everything is AI here
by 3 days, 13 hours ago
-
Flash Drive Eject Error for Still In Use
by 8 hours, 36 minutes ago
-
Windows 11 Insider Preview build 27863 released to Canary
by 4 days, 8 hours ago
-
Windows 11 Insider Preview build 26120.4161 (24H2) released to BETA
by 4 days, 8 hours ago
-
AI model turns to blackmail when engineers try to take it offline
by 3 days, 12 hours ago
-
Migrate off MS365 to Apple Products
by 3 days, 13 hours ago
-
Login screen icon
by 3 days, 3 hours ago
-
AI coming to everything
by 18 hours, 4 minutes ago
-
Mozilla : Pocket shuts down July 8, 2025, Fakespot shuts down on July 1, 2025
by 5 days ago
-
No Screen TurnOff???
by 53 minutes ago
Remembering Woody
