Microsoft Office’s Excel Attack Vector


SYSTEMS AFFECTED

Microsoft Office 2016 and older:

  • Excel running Power Query

 

THREAT LEVEL

High

OVERVIEW

A Microsoft Excel feature called Power Query can be used to dynamically launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet and actively control the payload via Power Query.

A feature in Microsoft Office’s Excel spreadsheet program called Power Query can be exploited to plant malware on remote systems. Researchers at Mimecast Threat Center say they have developed a proof-of-concept attack scenario and reported the vulnerability last month.

DESCRIPTION

A feature in Microsoft Office’s Excel spreadsheet program called Power Query can be exploited to plant malware on remote systems. Researchers at Mimecast Threat Center say they have developed a proof-of-concept attack scenario and reported the vulnerability Thursday.

The exploitable feature in Excel, called Power Query, allows users to embed outside data sources such as external databases or web-based data into a spreadsheet. The Mimecast Threat Center has developed a technique to launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet, deliver a malicious payload and actively control the payload via Power Query. Researchers say that in older versions of Microsoft Excel 2010 the payload is automatically executed, with no user interaction needed.
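For triage, a workbook can be checked for the two features named above before it is opened in Excel. The following is an added example, not code from this advisory or from Mimecast: it lists the parts of a ZIP-based workbook (.xlsx/.xlsm) that carry a Power Query connection, a Power Query definition, or a DDE link. The function names are hypothetical, and the marker strings (the Microsoft.Mashup.OleDb provider in xl/connections.xml, the DataMashup element under customXml/, the ddeLink element under xl/externalLinks/) are assumptions taken from the Office Open XML and Power Query file layout, not from this page.

```python
import io
import zipfile

MAX_PART = 5 * 1024 * 1024  # skip parts whose declared size is larger than this

def _has(data: bytes, text: str) -> bool:
    """Match text in a part stored as UTF-8 or UTF-16 (the mashup part is often UTF-16)."""
    return any(text.encode(enc) in data for enc in ("utf-8", "utf-16-le", "utf-16-be"))

def triage_workbook(blob: bytes) -> dict:
    """List the parts of an OOXML workbook that carry Power Query or DDE content."""
    found = {"power_query_connection": [], "power_query_mashup": [],
             "dde_link": [], "skipped": [], "error": None}
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        found["error"] = "not a ZIP-based workbook (legacy .xls is out of scope)"
        return found
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if not name.endswith(".xml"):
                continue
            if info.file_size > MAX_PART:
                found["skipped"].append(info.filename)
                continue
            data = archive.read(info)
            if name == "xl/connections.xml" and _has(data, "Microsoft.Mashup.OleDb"):
                found["power_query_connection"].append(info.filename)
            elif name.startswith("customxml/") and _has(data, "<DataMashup"):
                found["power_query_mashup"].append(info.filename)
            elif name.startswith("xl/externallinks/") and _has(data, "ddeLink"):
                found["dde_link"].append(info.filename)
    return found

def constructed_sample() -> bytes:
    """Constructed test workbook: Power Query markers only, no query body or payload."""
    parts = {
        "xl/connections.xml": b'<connections><connection id="1" name="Query - Query1">'
            b'<dbPr connection="Provider=Microsoft.Mashup.OleDb.1;Location=Query1"/>'
            b'</connection></connections>',
        "customXml/item1.xml": b"\xff\xfe" + "<DataMashup>AAAA</DataMashup>".encode("utf-16-le"),
        "xl/worksheets/sheet1.xml": b"<worksheet><sheetData/></worksheet>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, body in parts.items():
            z.writestr(path, body)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_workbook(constructed_sample()))
```

A hit means only that the workbook uses the feature; Power Query has legitimate uses, so flagged files still need review of where the query fetches its data from.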

 

IMPACT

Successful exploitation of the DDE feature could allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities, such as unauthorised installation of programmes, creating rogue administrator accounts, and being able to view, change, or delete data.

SOLUTION

Microsoft has published an advisory (https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4053440) on mitigation measures for DDE-related attacks. Users are recommended to apply the mitigation measures immediately. 

REFERENCE

  1. https://threatpost.com/microsoft-excel-attack-vector/146062/
  2. https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/
  3. https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4053440
  4. https://www.csa.gov.sg/singcert/news/advisories-alerts/microsoft-office-excel-attack-vector

CREDITS

The Mimecast Threat Center

DISCLAIMER

The information provided herein is on “as is” basis, without warranty of any kind.
