Microsoft disables Excel 4.0 macros by default to block malware

​Microsoft has introduced that Excel 4.0 (XLM) macros will now be disabled by default to guard clients from malicious paperwork.

In October, the corporate first revealed in a Microsoft 365 message heart replace that it would disable XLM macros in all tenants if the customers or admins hadn’t manually toggled the function on or off.

Beginning July 2021, Home windows admins might additionally use group insurance policies and customers the ‘Allow XLM macros when VBA macros are enabled’ setting from the Excel Belief Middle to disable this function manually.

“In July of 2021, we launched a brand new Excel Belief Middle setting possibility to limit the utilization of Excel 4.0 (XLM) macros,” stated Catherine Pidgeon, a Principal Program Supervisor Lead at Microsoft, earlier this week in a Tech Group weblog submit.

“As deliberate, we have now now made this setting the default when opening Excel 4.0 (XLM) macros. This can assist our clients defend themselves in opposition to associated safety threats.”

Admins can configure how Excel macros are allowed to run utilizing Group Coverage settings, Cloud insurance policies, and ADMX insurance policies.

They’ll additionally block all Excel XLM macro use of their environments (together with new user-created information) by toggling on the “Stop Excel from operating XLM macros” Group Coverage, configurable by way of Group Coverage Editor or registry key.

Proper now, XLM macros are disabled by default within the September fork, Excel model 16.0.14527.20000 and newer obtainable within the:

  • Present Channel builds 2110 or larger (first launched in October)
  • Month-to-month Enterprise Channel builds 2110 or larger (first launched in December)
  • Semi-Annual Enterprise Channel (Preview) builds 2201 or larger (first ships in March 2022)
  • Semi-Annual Enterprise Channel builds 2201 or larger (will ship July 2022)
XLS document with obfuscated Excel 4.0 macro
XLS doc with obfuscated Excel 4.0 macro

Although VBA-based macros had been launched with the discharge of Excel 5.0, menace actors are nonetheless utilizing them greater than twenty years later to create paperwork that deploy malware or carry out different malicious habits.

Malicious campaigns utilizing XLM macros to push malware have been noticed downloading and putting in TrickBotZloaderQbotDridex, and lots of different strains on victims’ computer systems.

Microsoft additionally silently added a Group Coverage in October 2019 that enables admins to dam Excel customers from opening untrusted (and probably malicious) Microsoft Question information with IQY, OQY, DQY, and RQY extensions.

Such information have been weaponized in quite a few malicious assaults to ship distant entry Trojans and malware loaders since early 2018.

Related posts

Microsoft CEO sells US$285M in stock


Microsoft Weekly: AD woes, acquisitions galore, and Bingo was her name-o


All Windows versions impacted by new LPE zero-day vulnerability


Leave a Comment