An Interest In:
Web News this Week
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
Some of Our Sources
- Web Designer Wall
- Team Treehouse
- Just Creative
- Pearsonified
- Smashing Magazine
- Vandelay Design
- Fuel Your Creativity
- FanExtra - PSD
- Crazy Leaf Design
- Reencoded
Help Webnuz
Referal links:
June 28, 2019 01:25 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/udgEqq2AQVk/microsoft-excel-power-query-feature-can-be-abused-for-malware-distribution
Microsoft Excel Power Query Feature Can Be Abused For Malware Distribution
Security researchers have devised a method to abuse a legitimate Microsoft Excel technology named Power Query to run malicious code on users' systems with minimal interaction. ZDNet reports: Power Query is a data connection technology that can allow Excel files to discover, connect, combine, and manipulate data before importing it from remote sources, such as an external database, text document, another spreadsheet, or a web page. The tool is included with recent versions of Excel and available as a separate downloadable add-in for older Excel versions. In research published today and shared with ZDNet, Ofir Shlomo, a security researcher with the Mimecast Threat Center, described a technique through which Power Query features could be abused to run malicious code on users' systems. The technique relies on creating malformed Excel documents that use Power Query to import data from an attacker's remote server. "Using Power Query, attackers could embed malicious content in a separate data source, and then load the content into the spreadsheet when it is opened," Shlomo said. "The malicious code could be used to drop and execute malware that can compromise the user's machine." Mimecast's technique can even bypass security sandboxes that analyze documents sent via email before allowing users to download and open them. Microsoft has yet to issue a fix for the vulnerability, but did release an advisory document for users, offering a way to beef up security.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/udgEqq2AQVk/microsoft-excel-power-query-feature-can-be-abused-for-malware-distribution
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot