Preventing Remote Code Execution in DataSnipper: Disable "Dynamic Data Exchange Server Launch"
Issue: A Remote Code Execution vulnerability was identified, which could be exploited if specific Excel settings are enabled. Our security recommends disabling this settings, which is already turned off by Microsoft.
Resolution: It is strongly recommended to keep Microsoft default setting for "Enable Dynamic Data Exchange Server Launch" disabled. Microsoft's documentation states, "For security, we recommend that you leave this check box cleared. By default, this option isn't selected." (source: https://learn.microsoft.com/en-us/office/troubleshoot/excel/security-settings)