From zdnet.com
Security researchers have devised a method to abuse a legitimate Microsoft Excel technology named Power Query to run malicious code on users’ systems with minimal interaction.
Power Query is a data connection technology that can allow Excel files to discover, connect, combine, and manipulate data before importing it from remote sources, such as an external database, text document, another spreadsheet, or a web page.
The tool is included with recent versions of Excel and available as a separate downloadable add-in for older Excel versions.