MatrikonOPC OPC Exchange


netDDE-EEK!

Posted on January 31st, 2008 by Eric Murphy

The Digital Bond blog has more details on the netDDE Share vulnerability announced by US CERT.    It’s not really shocking news that netDDE is lacking in the security department, but the vulnerability can lead to very serious consequences if the wildcard share is used.  As Dale said in his posting, a lot of commercial products use netDDE shares and people are using the wildcard share.  I’ve posted in the past on OPC vs DDE and security was one of the key items.  This announcement just adds more weight to the argument.

As much as many people would like DDE to go away, there are many products out there that support it.   Some have DDE as the only available third party interface.  So what are users supposed to do?   One option is to use DDE for the local connection (thus avoiding the use of the vulnerable netDDE shares), and use OPC for the remote connections.   There are OPC Server/DDE Client and OPC Client/DDE Server products available for both ends of the architecture.    By disabling netDDE completely and properly configuring DCOM you have a much more secure system.
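One way to check a host for the "disabling netDDE completely" step, as an added example that is not part of the original post. It assumes the standard Windows service names `NetDDE` and `NetDDEdsdm` (Windows 2000/XP/Server 2003); the function name `Test-NetDdeService` is hypothetical.

```powershell
# Added example: audit, and optionally disable, the NetDDE services on this host.
# Assumption: the services are registered under their standard names,
# NetDDE (Network DDE) and NetDDEdsdm (Network DDE DSDM).
function Test-NetDdeService {
    param([switch]$Disable)

    foreach ($name in 'NetDDE', 'NetDDEdsdm') {
        # Get-WmiObject is used because it is available on older PowerShell versions.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            Write-Output "${name}: not installed"
            continue
        }
        Write-Output "${name}: state=$($svc.State) startup=$($svc.StartMode)"

        if ($Disable) {
            if ($svc.State -ne 'Stopped') {
                # -Force also stops any services that depend on this one.
                Stop-Service -Name $name -Force
            }
            Set-Service -Name $name -StartupType Disabled
            Write-Output "${name}: stopped and set to Disabled"
        }
        elseif ($svc.StartMode -ne 'Disabled') {
            # A Manual service can still be started on demand, so only
            # Disabled counts as netDDE being turned off.
            Write-Output "${name}: WARNING, service can still be started"
        }
    }
}

Test-NetDdeService             # report only
# Test-NetDdeService -Disable  # run elevated to stop and disable both services
```

Confirm that nothing on the host still relies on netDDE for remote data before running it with `-Disable`; local DDE conversations do not use these services.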

For those using netDDE out there today, why not OPC? Is it the simplicity of setting up DDE? The trade-off for security outweighs the headaches of DCOM? Other reasons?
