Researchers identified security hole in Microsoft Office s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems. The exploitable feature in Excel, called Power Query, allows users to embed outside data sources such as external databases or web-based data into a spreadsheet. Mimecast developed a technique to launch a remote Dynamic Data Exchange (DDE) attack into an Excel spreadsheet, deliver a malicious payload and actively control the payload via Power Query. Microsoft declined to release a fix but suggested a workaround mitigation to fend off attacks exploiting the vulnerability.
Source: https://threatpost.com/microsoft-excel-attack-vector/146062/