Vulnerability Watch

Forum Discussion

Anonymous
6 years ago

The Mimecast Threat Center reported today that they've found and developed an exploit method for the Power Query feature in Microsoft Excel.

Power Query allows Excel to pull data from a variety of external sources in real time so that data can be viewed and utilized without needing to be manually imported.

An attacker could host malicious content on a web server that delivers the attack payload when a request to that web server from the spreadsheet is received. While newer versions of Excel would prompt the user with a ‘Click to run’ notice, older versions of Excel do not require any user interaction and the malicious content could be executed.

According to Mimecast: “Microsoft declined to release a fix at this time and instead offered a workaround to help mitigate the issue.” Microsoft instead referred to a Security Advisory (4053440) from 2017, detailing how to mitigate risk by limiting Dynamic Data Exchange (DDE) field queries to only connect to trusted sources.

While there is no dedicated plugin to detect this issue as it remains unpatched by Microsoft, you can use Windows plugin 27524 and Mac plugin 86383 to identify systems in your environment with Microsoft Office installed.

No Replies