Organizations now have one more reason to pay attention to the security settings of their Microsoft Office applications. Researchers at Mimecast have developed a working proof of concept that shows how attackers can use a legitimate function in Microsoft Excel called Power Query to remotely drop and run malware on a user’s system to escalate privileges and other malicious activity.