Newsletter Archives

• Excel Power Query

  Posted on July 1, 2024 at 02:42 CDT by Peter Deegan

  MICROSOFT 365

  

  By Peter Deegan

  Power Query is the clever multifunction tool in Excel I could not do without. It not only adds essential features to Excel but also makes other tasks a lot easier.

  A part of Microsoft Office, its developers have done a great job. The dev team truly listens to customers and adds features that they need, not just the latest Redmond fad (cloud, AI, accessibility, and so on).

  Read the full story in our Plus Newsletter (21.27.0, 2024-07-01).

  Microsoft 365 Excel, Excel Power Query, Newsletters, Office

• Mimecast shows yet another way to zap systems using Excel’s Power Query feature

  Posted on June 27, 2019 at 09:56 CDT by woody • Comment in the Forums

  Early this morning, email security company Mimecast released a report detailing how malicious folks can attack by abusing the Excel feature called Power Query:

  Mimecast Threat Center found and developed a technique that uses a feature in Microsoft Excel called Power Query to dynamically launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet and actively control the payload Power Query.

  The threat they describe isn’t unique — if you’ve been working with Excel for any time at all, you know there are features that just beg to be abused — but it is quite clever.

  The folks at Mimecast gave Microsoft a chance to respond, but

  Mimecast worked with Microsoft as part of the Coordinated Vulnerability Disclosure (CVD) process to determine if this is an intended behavior for Power Query, or if it was an issue to be addressed. Microsoft declined to release a fix at this time and instead offered a workaround to help mitigate the issue.

  Thus, we’re getting a full exposure. For more details, look at Mimecast’s report.

  Office Patches/Security Excel Power Query