Security researchers at Mimecast Services Ltd. have recently found a loophole in Microsoft Excel that can put 120 million users at risk.
The Power Query function in Excel, which allows users to get data from other sources, can be manipulated by hackers. This loophole can allow hackers to use Power Query to launch a Dynamic Data Exchange (DDE) attack in an Excel spreadsheet. Beyond that, the vulnerability can allow hackers to launch a more critical attack that can involve different sorts of malware and can easily compromise the user’s machine as soon as they open the spreadsheet.
With this feature, hackers can have control over the victim’s machine before delivering any payloads. The hacker can make the malicious payload look harmless to the victim or to security solutions.
The good news about this incident
The good thing is that Microsoft knows about this loophole and released an advisory back in November 2017. In the advisory, Microsoft explained that users would need to pass through various security warnings before any malware could be installed on their system. It also recommended that users disable the DDE feature when it is not needed, so that external data connections are blocked.
It is strongly recommended to implement everything Microsoft suggested, because the threat and the risk for Microsoft users are real and could be damaging.
The positive thing about this vulnerability is that there are no reports of any system failure or malicious attacks involving this loophole.
However, the bad news is that the DDE feature is usually enabled by default and users usually don't turn it off.
Data security now depends on users
Although Microsoft released an advisory for its users, it is most unlikely that all users will follow the instructions or disable the DDE feature.
Microsoft now relies fully on its users to take appropriate action. One of the wisest things you can do to secure your data is to disable the DDE feature and to avoid downloading or opening spreadsheets sent over email. Lastly, take the security warnings shown by Microsoft Excel seriously, because a spreadsheet that triggers them may contain malware that you don’t know about. It’s better not to download any sheet that gives even a tiny hint of malicious content, because it’s better to be safe than sorry.
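For spreadsheets that do arrive by email, the advice about external data connections can be checked before the file is ever opened in Excel. The sketch below is an added example, not code from Microsoft or Mimecast: it lists the package parts of an .xlsx that indicate external connections, DDE links or Power Query content. The part names are assumed from the Open XML package layout, and the sample packages are constructed for the demonstration.

```python
import io
import re
import zipfile

# Package part names that show a workbook pulls in external data (Open XML layout).
PART_PATTERNS = {
    "external data connection": re.compile(r"^xl/connections\.xml$"),
    "external link part": re.compile(r"^xl/externalLinks/externalLink\d+\.xml$"),
}
# Markers inside XML parts: a DDE link element and the Power Query DataMashup blob.
CONTENT_MARKERS = {"DDE link": "<ddeLink", "Power Query (DataMashup)": "DataMashup"}

def contains(body: bytes, text: str) -> bool:
    # Power Query's customXml part is often UTF-16, so check both encodings.
    return text.encode("utf-8") in body or text.encode("utf-16-le") in body

def triage_xlsx(data: bytes) -> dict:
    """Return {finding: [part names]} for an .xlsx/.xlsm supplied as bytes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            for label, pattern in PART_PATTERNS.items():
                if pattern.match(name):
                    findings.setdefault(label, []).append(name)
            if name.endswith(".xml"):
                body = pkg.read(name)
                for label, marker in CONTENT_MARKERS.items():
                    if contains(body, marker):
                        findings.setdefault(label, []).append(name)
    return findings

def build_sample(parts: dict) -> bytes:
    """Build a minimal constructed zip package (demo input, not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

CLEAN = build_sample({"xl/workbook.xml": "<workbook/>"})
FLAGGED = build_sample({
    "xl/connections.xml": "<connections/>",
    "xl/externalLinks/externalLink1.xml": "<externalLink><ddeLink/></externalLink>",
    "customXml/item1.xml": "<DataMashup>placeholder</DataMashup>".encode("utf-16-le"),
})

if __name__ == "__main__":
    for label, parts in triage_xlsx(FLAGGED).items():
        print(f"{label}: {', '.join(parts)}")
```

A finding here does not mean the file is malicious, since many legitimate workbooks use external data. It marks the file as one whose security prompts deserve a careful read.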
Photo: Rawpixel