[SingCERT] Microsoft Office's Excel Attack Vector

Published on Tuesday, 02 July 2019 15:51

Background

Security researchers have discovered a new security loophole in Microsoft Office's Excel program. Attackers can exploit a feature found in Excel called Power Query, to launch a remote Dynamic Data Exchange (DDE) attack on an Excel spreadsheet. This could allow an attacker to drop malware, profile a device, and execute arbitrary commands on a user's machine.

For more information and details on the attack vector, visit https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/

Affected Software

  • Microsoft Office 2016 and older:
    • Excel running Power Query
Impact

Successful exploitation of the DDE feature could allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities, such as unauthorised installation of programmes, creating rogue administrator accounts, and being able to view, change, or delete data.

Recommendations

Microsoft has published an advisory (https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4053440) on mitigation measures for DDE-related attacks. Users are recommended to apply the mitigation measures immediately.

Reference