Shulou(Shulou.com)06/01 Report--

Excel exposed an example analysis of Power Query security vulnerabilities. In view of this problem, this article introduces the corresponding analysis and solutions in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Recently, security researchers at the Mimecast threat Center have discovered a new vulnerability in Microsoft's Excel spreadsheet application, leaving 120 million users vulnerable to cyber attacks. It points out that this security vulnerability means that attackers can use Excel's Power Query query tool to enable remote dynamic data exchange (DDE) on spreadsheets and control the payload. In addition, Power Query can be used to embed malicious code into a data source and spread it.

(photo from: Mimecast,via BetaNews)

Mimecast says Power Query provides mature and powerful capabilities and can be used to perform types of attacks that are often difficult to detect.

Worryingly, an attacker can simply entice the victim to open a spreadsheet to launch a remote DDE attack without any further action or confirmation by the user.

For this discovery, Ofir Shlomo wrote in a blog post that Power Query is a powerful and extensible business intelligence (BI) tool that users can integrate with spreadsheets or other data sources, such as external databases, text documents, other spreadsheets or web pages. When you link to a source, you can load the data and save it to a spreadsheet, or load it dynamically (such as when you open a document).

The Mimecast threat Center team found that Power Query can also be used to launch complex, difficult-to-detect attacks that combine multiple aspects.

With Power Query, an attacker can embed malicious content into a separate data source and then load the content into a spreadsheet when opened, and malicious code can be used to remove and execute malicious software that could endanger the user's computer.

As part of the Coordination of vulnerability Disclosure (CVD), Mimecast works with Microsoft to determine whether the operation is the expected behavior of Power Query and the corresponding solution.

Unfortunately, Microsoft did not release a bug fix for Power Query, but provided a solution to alleviate the problem.

This is the answer to the sample analysis question about the Power Query security vulnerability exposed by Excel. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.