Microsoft Excel Vulnerability Could Affect 120 Million Users

Microsoft Excel Vulnerability

Security flaw allows hackers to take user’s system and launch malware remotely

Researchers have discovered a security flaw in the Microsoft Excel spreadsheet editor , which has the potential to affect a total of up to 120 million users. The discoverers are part of the Mimecast team and have encountered a vulnerability in the Power Query tool .

As Fortune points out , this feature allows users to integrate spreadsheets with external databases as well as text documents and web pages. Should any hacker discover the problem, it would be able to perform attacks that are quite sophisticated and difficult to detect.

“By using Power Query, attackers could embed malicious content in a separate source and data, and then load the contents into the worksheet when it opens.” Malicious code could be used to execute malware that could compromise a user’s machine. ” 
Official Mimecast announcement

So far, Microsoft has not yet released a fix for the vulnerability. Despite this, they have published a document advising users, offering a palliative alternative to improve their safety.

“Because Power Query is a powerful tool within Microsoft Excel, the potential threat caused by the abuse of this feature is very large. Using the potential weakness of Power Query, hackers could potentially incorporate a malicious payload that has been designed not to be saved within the document itself, but rather to be downloaded from the internet when the document is opened. ” 
Official Mimecast announcement

The vulnerability is based on a method known as Dynamic Data Exchange (DDE). This is a method that is commonly used for attacks, but that is also dangerous because it gives administrative privileges to hackers.

You might also like