

You probably think of Microsoft's classic spreadsheet program Excel as mostly boring. Sure, it can wrangle data, but it's not exactly Apex Legends. Like the rest of the Office 365 suite, attackers often manipulate Excel to launch their digital strikes. And two recent findings demonstrate how the program's own legitimate features can be used against it.

On Thursday, researchers from threat intelligence firm Mimecast are disclosing findings that an Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks. Power Query allows users to combine data from various sources with a spreadsheet, like a database, second spreadsheet, document, or website. This mechanism for linking out to another component, though, can also be abused to link to a malicious webpage that contains malware. In this way, attackers can distribute tainted Excel spreadsheets that wreak havoc, from granting attackers system privileges to installing backdoors.

"Attackers don't need to invest in a very sophisticated attack; they can just open up Microsoft Excel and use its own tools," says Meni Farjon, Mimecast's chief scientist. "And you have basically 100 percent reliability. The exploit will work in all the versions of Excel as well as new versions, and will probably work across all operating systems, programming languages, and sub-versions, because it's based on a legitimate feature. That makes it very viable for attackers."

Farjon suggests that once Power Query connects to a malicious website, attackers could initiate something like a Dynamic Data Exchange attack, which exploits a Windows protocol that lets applications share data in an operating system. Digital systems are usually set up to silo programs so they can't interact without permission. So protocols like DDE exist to be a sort of mediator in situations where it would be useful for programs to compare notes. But attackers can embed the commands that initiate DDE in their website, and then use Power Query commands in a malicious spreadsheet to merge the website's data with the spreadsheet and set off the DDE attack. They could use the same type of flow to drop other malware onto a target system through Power Query, too.

Microsoft offers prompts that warn users when two programs are going to link through DDE, but hackers have launched DDE attacks from Word documents and Excel sheets since about 2014, tricking users into clicking through the warnings. "We have reviewed claims in the researchers' report and for this technique to work, a victim would need to be socially engineered to bypass multiple security prompts prior to loading external data or executing a command from a DDE formula," a Microsoft spokesperson told WIRED in a statement.

Microsoft says that both macros and Power Query can be controlled using an Office 365 management feature called "group policies." It essentially allows administrators to adjust settings on all of their organization's devices at once.

Office 365 users understandably want new, helpful features, but every new component also opens up potential risk for abuse. The more capable and flexible the programs are, the more hackers can figure out malicious ways to manipulate them. Microsoft said that its Windows Defender scanning system was able to block last week's macros attacks, because it knew what to look for. But Mimecast's findings are a reminder that there are always other avenues just waiting to be exploited by hackers.

"It's getting much more difficult to use 'traditional' exploitation methods in order to infect an organization," says Ronnie Tokazowski, a senior threat researcher at the email security firm Agari. "But if attackers can find a feature that they can abuse, they don't have to worry about finding an exploit or about which flavor of Windows they're targeting. They're just trying to find the path of least resistance."
