[SingCERT] Microsoft Office's Excel Attack Vector
Published on Tuesday, 02 July 2019 15:51
Background
Security researchers have discovered a new security loophole in Microsoft Office's Excel program. Attackers can exploit an Excel feature called Power Query to launch a remote Dynamic Data Exchange (DDE) attack on an Excel spreadsheet. This could allow an attacker to drop malware, profile a device, and execute arbitrary commands on a user's machine.
For more information and details on the attack vector, visit https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/
- Microsoft Office 2016 and older:
  - Excel running Power Query
Successful exploitation of the DDE feature could allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities, such as unauthorised installation of programmes, creating rogue administrator accounts, and being able to view, change, or delete data.
Microsoft has published an advisory (https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4053440) on mitigation measures for DDE-related attacks. Users are advised to apply the mitigation measures immediately.
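As a triage aid alongside the mitigation measures, the following added example (not part of the SingCERT or Microsoft advisories) checks whether an .xlsx/.xlsm file contains Power Query connections or DDE external links, reading the package without opening it in Excel. The part names and marker strings are assumptions about the Office Open XML package layout, and the sample workbook is constructed.

```python
import io
import zipfile

# Markers are assumptions about the OOXML package layout, not taken from the advisory.
MASHUP_PROVIDER = b"Microsoft.Mashup.OleDb"  # connection provider used by Power Query
MASHUP_ROOT = "DataMashup"                   # root element of the Power Query customXml part
DDE_LINK = b"<ddeLink"                       # SpreadsheetML element for a DDE external link
MAX_PART = 16 * 1024 * 1024                  # skip oversized parts (decompression-bomb guard)


def triage_workbook(data: bytes) -> dict:
    """Report which Power Query / DDE markers appear in a workbook package."""
    found = {"power_query_connection": False, "power_query_mashup": False,
             "dde_link": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy .xls (OLE2) or a damaged file: outside the scope of this check.
        found["error"] = "not an OOXML package"
        return found
    with zf:
        for info in zf.infolist():
            if info.file_size > MAX_PART:
                continue
            name, part = info.filename.lower(), zf.read(info)
            if name == "xl/connections.xml" and MASHUP_PROVIDER in part:
                found["power_query_connection"] = True
            elif name.startswith("customxml/item"):
                # The mashup part may be stored as UTF-8 or UTF-16.
                if (MASHUP_ROOT.encode() in part
                        or MASHUP_ROOT.encode("utf-16-le") in part):
                    found["power_query_mashup"] = True
            elif name.startswith("xl/externallinks/") and DDE_LINK in part:
                found["dde_link"] = True
    return found


def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory package from {part name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({"xl/connections.xml":
        '<connections><connection id="1"><dbPr connection='
        '"Provider=Microsoft.Mashup.OleDb.1;Location=q"/></connection></connections>'})
    print(triage_workbook(sample))
```

A positive result only means the workbook uses these features; files from untrusted senders that do so are candidates for quarantine and closer review.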