A new loophole has been discovered in the popular Microsoft Excel application. It was found in the power query feature, and now poses a security threat to 120 million users.
Mimecast Services Ltd. researchers came across a method to abuse the feature to install malicious codes in a user’s device(s), by interacting with them infrequently, yet instantly.
For those who are unaware, the power query feature is a data connection technology Excel users have now been using for a good amount of 7 years.
The feature allows Excel files to be combined, discovered, connected and handles data before being imported from remote sources i.e external link app with its own cloud, another spreadsheet, a text document, or web page.
Vulgar Social Media Videos are Making Their Way to WhatsApp!
Now, with the discovery of this loophole, hackers use the power query to attack Excel spreadsheets through different malware that can easily compromise a user’s machine and data as soon as they access the compromised sheet.
The researcher states:
The feature gives such rich controls that it can be used to fingerprint a sandbox or a victim’s machine even before delivering any payloads. The attacker has potential pre-payload and pre-exploitation controls and could deliver a malicious payload to the victim while also making the file appear harmless to a sandbox or other security solutions.
Stay tuned to Brandsynario for more news and updates.