Millions of home users and businesses rely on Microsoft Excel to keep track of their expenditures and income, plan their budgets and take care of basically any tasks that involve calculations.
Recently, Mimecast Threat Center unveiled a major Excel vulnerability that allows attackers to embed malicious payloads remotely.
How does this work, you may ask? In order to exploit this vulnerability, attackers use a Microsoft Excel feature called Power Query.
As a quick reminder, Power Query is a Business Intelligence tool that allows users to integrate spreadsheets with other data sources, including external data sources such as databases and websites.
The problem is that such attacks are very complex and hard to detect. In other words, users may not even suspect something hit them until it’s too late.
As Mimecast explains:
Security solutions fail to block these threats
To make matters worse, Sandbox-based security solutions are pretty much useless when it comes to detecting and blocking this type of attacks.
Using Power Query, attackers could embed malicious content in a separate data source, and then load the content into the spreadsheet when it is opened. The malicious code could be used to drop and execute malware that can compromise the user’s machine.
The respective files appear harmless to security solutions, which means that users won’t get any alerts about these attacks.
Microsoft is aware of this issue
Mimecast already informed Microsoft about this security problem but the tech giant declined to release a permanent fix offering instead a quick workaround to mitigate the issue.
Microsoft suggests using a Group Policy to block external data connections. This method prevents external data from merging with your existing Excel data.
Alternatively, you can also change your Office Trust Center settings so as to block external data and files.
For more information, you can check out Microsoft’s security advisory 4053440.
Prevention is better than cure
Now that you’re aware of this security risk, the best solution is to act fast and implement the workarounds that Microsoft suggested.
As they say, prevention is always better than cure. Hackers never sleep and this exploit has the potential of causing severe damage to your system.
Speaking of Microsoft Excel security, you may also want to install one of these antivirus solutions to protect your files and block malware attacks.
If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.
Still having issues? Fix them with this tool:
SPONSORED
- Cybersecuritywindows 10
Email *
Commenting as . Not you?
Comment
