Excel Power Query security vulnerability exposed

Recently, security researchers at the Mimecast Threat Center found a new vulnerability in the Microsoft Excel spreadsheet application that leaves 120 million users vulnerable to cyber attacks. According to the researchers, the flaw means that an attacker can use Excel's Power Query tool to launch a remote Dynamic Data Exchange (DDE) attack into a spreadsheet and control the payload. In addition, Power Query can be used to embed malicious code in a data source and spread it.


(Image: Mimecast, via BetaNews)

Mimecast says Power Query is sophisticated and powerful, and can be used to carry out a type of attack that is generally difficult to detect.

Worryingly, an attacker only needs to lure a victim into opening a spreadsheet to initiate a remote DDE attack, without the user having to take any further action or give any confirmation.

Regarding this discovery, Ofir Shlomo wrote in a blog post: Power Query is a powerful and scalable business intelligence (BI) tool that lets users integrate their spreadsheets with other data sources, such as an external database, a text document, another spreadsheet, or a web page. When sources are linked, the data can be loaded and saved into the spreadsheet, or loaded dynamically (such as when the document is opened).

The Mimecast Threat Center team found that Power Query can be used to launch complex, difficult-to-detect attacks that combine several aspects.

With Power Query, an attacker can embed malicious content in a data source and then have that content loaded into the spreadsheet when it is opened. The malicious code can then be used to drop and execute malware that may endanger the user's computer.
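For triage of inbound workbooks, the following added example (not from the original article or from Mimecast) lists the Power Query connections in an .xlsx file and flags those set to refresh when the document is opened. It assumes the connections are recorded in `xl/connections.xml` with the `Microsoft.Mashup.OleDb.1` provider and the `refreshOnLoad` attribute; the function names and the sample workbook are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
# Assumption (not from the article): provider name Excel writes for Power Query connections.
MASHUP_PROVIDER = "microsoft.mashup.oledb"


def power_query_findings(xlsx_bytes):
    """List Power Query connections in a workbook and whether each refreshes on open."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        if "xl/connections.xml" not in zf.namelist():
            return []
        data = zf.read("xl/connections.xml")
    if b"<!DOCTYPE" in data.upper():
        raise ValueError("DTD in connections.xml; refusing to parse untrusted XML")
    findings = []
    for conn in ET.fromstring(data).findall("m:connection", NS):
        db = conn.find("m:dbPr", NS)
        conn_str = db.get("connection", "") if db is not None else ""
        if MASHUP_PROVIDER in conn_str.lower():
            findings.append({
                "name": conn.get("name", ""),
                "refresh_on_open": conn.get("refreshOnLoad", "0") in ("1", "true"),
            })
    return findings


def build_sample(refresh_on_load):
    """Constructed sample: a minimal zip holding only xl/connections.xml."""
    xml = f"""<?xml version="1.0" encoding="UTF-8"?>
<connections xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
  <connection id="1" name="Query - Feed" type="5" refreshOnLoad="{refresh_on_load}">
    <dbPr connection="Provider=Microsoft.Mashup.OleDb.1;Data Source=$Workbook$;Location=Feed"
          command="SELECT * FROM [Feed]"/>
  </connection>
  <connection id="2" name="Sales DB" type="1">
    <dbPr connection="DSN=sales" command="SELECT 1"/>
  </connection>
</connections>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/connections.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in power_query_findings(build_sample("1")):
        print(hit)
```

A hit with `refresh_on_open` set is the case the article describes, where content is pulled from the data source as soon as the document is opened; such files are candidates for quarantine or manual review.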

As part of a coordinated vulnerability disclosure (CVD), Mimecast worked with Microsoft to determine whether this is intended behavior for Power Query and to identify a corresponding solution.

Unfortunately, Microsoft did not release a fix for the Power Query issue, but instead offered a workaround to mitigate the problem.

 


Origin www.cnblogs.com/elsa-66/p/11223108.html