Microsoft wants organizations to shift away from Excel 4.0 (XLM) macros when automating spreadsheets, a feature that has been part of the Office app since the 1990s. The company would prefer customers use Visual Basic for Applications (VBA), which is much more secure. Now, Microsoft says it will actively restrict the use of XLM macros by default in Excel.
According to Microsoft, Excel 4.0 XLM macros are open to attack. A threat actor could target the macros to deliver malware into a system. This could be achievable via a relatively simple surface-level attack.
Macro malware is one of the oldest cybercrime methods, at least amongst those still in use today. Threat actors have been turning to macros since the 90s and are still having some success. That’s because this is a simple technique for pushing malware onto a system.
Back in March 2021, Microsoft updated the Antimalware Scan Interface in Office 365 to scan Excel files that use the older 4.0 macro language for macro malware. This has clearly not been enough to ease the company’s concerns, so Microsoft will now simply restrict the use of XLM macros.
In the Excel Trust Center, the app now shows that macros are disabled. It is worth noting that users can choose to enable them here. Excel users can instead handle default behaviors in cells by using Cloud Policies, Group Policies, or ADMX policies.
In a blog post to confirm the change, Microsoft says the new configuration will make its way to the following Excel users:
- “Current Channel builds 2110 or greater (first released in October)
- Monthly Enterprise Channel builds 2110 or greater (first released in December)
- Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
- Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)”