They discover a security breach in Excel that can put the security of more than 100 million computers at risk
Table of contents:
A new threat has put computers that have Excel installed in check A risk that some researchers have discovered and that puts risk to more than 120 million users. The vulnerability has already been fixed by Microsoft, but for this the application must have the latest patches enabled.
"Researchers from the security firm Mimecast Services have discovered a security breach that is based on the use of the Power Query function(Get and Transform) in Excel that allows users to extract data from other sources but which in turn can be used by a hacker to violate the security of affected computers."
Unreliable sources
By means of this function in Excel you can combine, add, complete... data that can come from a wide variety of sources. And among those sources are the countless points to download tables from the Internet.
Using this security hole, a cyber attacker can launch a remote Dynamic Data Exchange (DDE or Dynamic Data Exchange) attack ) in an Excel spreadsheet created for this purpose and through it, achieve remote control of our equipment and access other programs and applications of our equipment.
The bug was discovered, those responsible for its discovery reported it to Microsoft so that it could be corrected and apparently they have not yet plugged>. The only measure they have taken is the release of guides to avoid the problem, such as recommendations to users to disable the DDE (Dynamic Data Exchange) function when not in use in order to block external data connections."
In the absence of an official response, the discoverers advise individual users to exercise caution when downloading Excel files from Unreliable sources while in professional environments recommend proper configuration of Excel instances to avoid possible risks when opening Excel documents.
And while it doesn't hurt to use common sense to avoid accessing unreliable sources, another option is to use alternative applications to Excel to work with spreadsheets and between them.
More information | Mimecast Source | Siliconeangle