A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won’t like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3), writes that he’s found loose default launch and access permissions, meaning a macro-based attack doesn’t need to interact with the victim. The nutshell version is this: Excel.Application is exposed via DCOM; it has no explicit launch or access permissions set; since the attacker would have to find some other means for the initial compromise, Microsoft Office macro security won’t stop the pivot; and Excel.Application can be launched (and interacted with) remotely.
ORIGINAL SOURCE: The Register
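
A defender-side check for the condition summarised above, as an added example that is not from the article or from the researcher's write-up: a PowerShell function (the name `Get-DcomPermissionState` is hypothetical) that walks the standard COM registry layout for a ProgID and reports whether its AppID carries explicit `LaunchPermission` and `AccessPermission` values. When those values are absent, the machine-wide DCOM defaults apply to the application.

```powershell
# Added example: read-only audit of a DCOM application's explicit permissions.
# Run locally on the host being audited; nothing is modified.
function Get-DcomPermissionState {
    param([Parameter(Mandatory)][string]$ProgId)

    $root  = 'Registry::HKEY_CLASSES_ROOT'
    $state = [ordered]@{
        ProgId                   = $ProgId
        Clsid                    = $null
        AppId                    = $null
        ExplicitLaunchPermission = $false
        ExplicitAccessPermission = $false
    }

    # ProgID -> CLSID (stored in the key's default value).
    $clsidKey = Get-Item -LiteralPath "$root\$ProgId\CLSID" -ErrorAction SilentlyContinue
    if ($clsidKey) { $state.Clsid = $clsidKey.GetValue('') }

    # CLSID -> AppID (named value on the class key; may be missing).
    if ($state.Clsid) {
        $classKey = Get-Item -LiteralPath "$root\CLSID\$($state.Clsid)" -ErrorAction SilentlyContinue
        if ($classKey) { $state.AppId = $classKey.GetValue('AppID') }
    }

    # AppID -> per-application ACLs (REG_BINARY security descriptors).
    if ($state.AppId) {
        $appKey = Get-Item -LiteralPath "$root\AppID\$($state.AppId)" -ErrorAction SilentlyContinue
        if ($appKey) {
            $state.ExplicitLaunchPermission = $null -ne $appKey.GetValue('LaunchPermission')
            $state.ExplicitAccessPermission = $null -ne $appKey.GetValue('AccessPermission')
        }
    }

    [pscustomobject]$state
}

# The ProgID named in the article.
Get-DcomPermissionState -ProgId 'Excel.Application' | Format-List
```

On 64-bit Windows with 32-bit Office, run it from 32-bit PowerShell as well, since class registrations can differ between the two registry views.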