The Problems of Embedded Python in Excel, or How to Excel in Pwning Pandas


In Windows build 2407, Microsoft released Python support inside Excel as embedded =PY() functions. According to the Microsoft website: “Python in Excel brings the power of Python analytics into Excel. Use it to process data in Excel with Python code. You type Python directly into a cell, the Python calculations run in the Microsoft cloud, and your results are returned to the worksheet. Python in Excel comes with a core set of Python libraries provided by Anaconda that you can use to simplify your data analysis, find patterns and hidden insights, and visualize your data with plots.”

The Python code from the PY() Excel function is executed as a Jupyter notebook on Microsoft-managed Jupyter servers. The PY() Excel function has a built-in connection to Excel data and cells as Python pandas objects, and can return discrete values, lists, or pandas datasets.

The implementation creates several attack surfaces:
- The Microsoft Azure host and cluster where the Python code runs
- The Jupyter server where the Python code runs
- Third parties that share the runtime environment

Despite heavy restrictions on the environment, Excel's data processing capabilities combined with Python make it possible to upload and execute binaries such as nmap and netcat, install rpm packages, and upload and execute shell scripts. It is also possible to poison the Python environment and possibly exfiltrate third-party data.
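Because a PY() formula is stored in the workbook like any other formula, the first defensive check is simply finding which workbooks carry one before they reach a user who will open them in the cloud runtime described above. The scanner below is an added example, not code from the talk or from Microsoft. It assumes the standard Office Open XML layout (sheet parts under xl/worksheets/) and that a PY() cell keeps its formula text in the sheet's `<f>` element with the `_xlfn.PY` future-function prefix; the sample workbook it scans is constructed in memory for the demonstration.

```python
"""Find cells whose formula calls PY() in an .xlsx workbook.

Added example (not from the Black Hat talk). Assumptions, labelled:
  * the workbook is an Office Open XML zip with sheets under xl/worksheets/,
  * a PY() cell stores its formula in <f> as "_xlfn.PY(...)" (or bare "PY(...)").
The workbook scanned here is constructed in memory; it is not a real file.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files prefer defusedxml.ElementTree

SHEET_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
# Match PY( with or without the future-function prefix; \b keeps "COPY(" etc. out.
PY_FORMULA = re.compile(r"\b(?:_xlfn\.)?PY\s*\(", re.IGNORECASE)


def find_py_cells(xlsx_bytes: bytes) -> list[dict]:
    """Return one record per cell whose formula invokes PY():
    the sheet part name, the cell reference and the raw formula text."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("xl/worksheets/") and name.endswith(".xml")):
                continue
            root = ET.fromstring(zf.read(name))
            for cell in root.iter(f"{{{SHEET_NS}}}c"):
                formula = cell.find(f"{{{SHEET_NS}}}f")
                if formula is None or not formula.text:
                    continue
                if PY_FORMULA.search(formula.text):
                    hits.append({"part": name, "ref": cell.get("r"), "formula": formula.text})
    return hits


# Constructed sample sheet: one ordinary SUM() formula and one PY() cell whose
# Python body (benign pandas code) is embedded in the formula string; &#10; is a newline.
SAMPLE_SHEET = """<?xml version="1.0" encoding="UTF-8"?>
<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
 <sheetData>
  <row r="1">
   <c r="A1"><f>SUM(B1:B3)</f><v>6</v></c>
   <c r="B1"><v>1</v></c>
  </row>
  <row r="2">
   <c r="A2" t="str"><f>_xlfn.PY("import pandas as pd&#10;pd.DataFrame({'n': [1, 2, 3]}).sum()",0)</f><v>6</v></c>
  </row>
 </sheetData>
</worksheet>
"""


def build_sample_workbook() -> bytes:
    """Build a minimal in-memory zip with one sheet part (enough for the scanner,
    not a complete workbook Excel would open)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")  # placeholder part
        zf.writestr("xl/worksheets/sheet1.xml", SAMPLE_SHEET)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_py_cells(build_sample_workbook()):
        print(f"{hit['part']}!{hit['ref']}: {hit['formula']}")
```

To scan a real file, pass `open(path, "rb").read()` to `find_py_cells`; the function returns the formula text as stored, so the embedded Python can be reviewed or matched against further rules (imports of subprocess, urllib or os are the obvious ones to flag). Workbooks from untrusted sources should be parsed with defusedxml rather than the stdlib parser.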

The presentation will show Python code, Excel definitions, and steps to automate all of the above, which anyone with an Excel spreadsheet can reproduce at home.

By:
Shalom Carmel | Hacker Emeritus
Ofir Carmel | Computer Science Student

Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-25/briefings/schedule/#the-problems-of-embedded-python-in-excel-or-how-to-excel-in-pwning-pandas-43714