Hackers are exploiting Microsoft Excel’s features for their benefit

Microsoft Excel is one of those Microsoft products that some people find boring and others find very interesting. The people who find it boring are the ones who use it only to punch in a bunch of spreadsheets every day.

People who know how capable Excel is, however, find it interesting. We are now getting reports that hackers find it interesting too, which is not good news for its security. A report from Wired reveals that hackers are turning Microsoft Excel's own features against it.

Researchers from Mimecast have revealed that an Excel feature called Power Query can be manipulated and used to facilitate established Office 365 system attacks. Power Query lets users combine data from different sources with a spreadsheet.

However, hackers are using this feature to link a spreadsheet to a malicious webpage that contains malware. These spreadsheets are then spread widely, and the malware they pull in is certain to create havoc: it can grant system privileges to the hackers as well as install backdoors.

Mimecast’s chief scientist Meni Farjon says, “Attackers don’t need to invest in a very sophisticated attack—they can just open up Microsoft Excel and use its own tools. And you have basically 100% reliability.

The exploit will work in all the versions of Excel as well as new versions, and will probably work across all operating systems, programming languages, and sub-versions because it’s based on a legitimate feature. That makes it very viable for attackers.”

Once the Power Query feature connects to a malicious webpage, hackers can carry out what is called a Dynamic Data Exchange (DDE) attack. Meni Farjon adds that this method is “easy, it’s exploitable, it’s cheap, and it’s reliable.” Microsoft does show users a prompt when two programs are linked through DDE, but these prompts are not enough.
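For defenders who want to triage a spreadsheet before anyone opens it, the features described above leave markers inside the workbook package. The Python below is an added example, not code from Mimecast, Wired or this article; the marker strings (the `Microsoft.Mashup.OleDb` provider, the `DataMashup` custom XML part, and the `webPr` and `ddeLink` elements) are assumptions about how Excel stores Power Query connections and DDE links in `.xlsx`/`.xlsm` files, and the sample workbooks are constructed.

```python
import io
import re
import zipfile

# (finding, part-name pattern, content marker). Heuristic byte matches,
# not a full OOXML parse; the markers are assumptions stated in the lead-in.
CHECKS = [
    ("power_query_connection", r"xl/connections\.xml", rb"Microsoft\.Mashup\.OleDb"),
    ("legacy_web_query", r"xl/connections\.xml", rb"<webPr\b"),
    ("power_query_mashup", r"customXml/item\d+\.xml", rb"DataMashup"),
    ("dde_link", r"xl/externalLinks/externalLink\d+\.xml", rb"<ddeLink\b"),
]

def triage_workbook(data: bytes):
    """Return sorted (finding, part) pairs for external-data features in a workbook."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [("not_ooxml_zip", "")]  # e.g. legacy .xls, which needs a different parser
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Strip NULs so UTF-16 encoded parts still match the ASCII markers.
            body = zf.read(name).replace(b"\x00", b"")
            for finding, part_re, marker in CHECKS:
                if re.fullmatch(part_re, name, re.I) and re.search(marker, body, re.I):
                    findings.add((finding, name))
    return sorted(findings)

def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory workbook from {part name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples with placeholder values; not taken from any real file.
SUSPECT = build_sample({
    "xl/workbook.xml": b"<workbook/>",
    "xl/connections.xml": b'<connections><connection id="1" name="Query - q">'
        b'<dbPr connection="Provider=Microsoft.Mashup.OleDb.1;Location=q"/></connection></connections>',
    "customXml/item1.xml": "<DataMashup>AAAA</DataMashup>".encode("utf-16"),
    "xl/externalLinks/externalLink1.xml": b'<externalLink><ddeLink ddeService="svc" ddeTopic="topic"/></externalLink>',
})
CLEAN = build_sample({"xl/workbook.xml": b"<workbook/>"})

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, triage_workbook(blob))
```

A hit only means the workbook uses one of these features, which many legitimate spreadsheets do; it marks the file for closer inspection of where the connection points.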
