  • Microsoft is disabling Excel 4.0 macros by default to protect users


    Karlston


    Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents.

     

    Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that are then executed to perform a task.

     


    Malicious XLS document with obfuscated Excel 4.0 macro

    While VBA macros were introduced in Excel 5.0, threat actors continue to use XLM macros twenty years later in malicious documents that download malware or perform other unwanted behavior.

     

    Malicious campaigns utilizing Excel 4.0 XLM macros include ones for malware such as TrickBot, Qbot, Dridex, Zloader, and many more.

     

    Due to their continued abuse, Microsoft has for years recommended that users disable Excel 4.0 XLM macros and switch to VBA macros. This recommendation is because VBA macros support the Antimalware Scan Interface (AMSI), which can be used by security software to scan macros for malicious behavior.

     

    To disable Excel 4.0 macros, Windows admins can use group policies, and users can disable them via the Excel Trust Center using the "Enable XLM macros when VBA macros are enabled" setting.

     


    Enable XLM macros when VBA macros are enabled in Excel Trust Center

    Microsoft to disable Excel 4.0 macros in all tenants

    Instead of waiting for organizations to disable XLM macros on their own, Microsoft announced yesterday that they would be disabling Excel 4.0 macros by default starting in October in preview builds and then moving onto the current channel in November.

     

    "We are introducing a change to the Excel Trust Center Macro settings to provide a more secure experience for users by default. This new default behavior will disable Excel 4.0 macros," explained an advisory in the Microsoft 365 message center.

     

    Microsoft will begin disabling Excel 4.0 macros in all tenants using this rollout schedule:

     

    • Insiders-Slow: will roll out in late October and be complete in early November.
    • Current Channel: will roll out in early November and be complete in mid-November.
    • Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.

     

    Microsoft will not be making any changes for users who have manually configured this setting or configured it via group policies.

     

    When the change rolls out, the "Enable XLM macros when VBA macros are enabled" setting will be unchecked by default, which disables XLM macros.

     

    Microsoft states that users who wish to enable XLM macros after this rollout has finished can do so in the Excel Trust Center.
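
Before the default changes, admins may want to know which workbooks still contain Excel 4.0 macro sheets. The following is an added example, not code from the article or from Microsoft: it lists XLM macro sheets in an .xlsm package by reading the workbook relationships. The function names and the in-memory sample are constructed for illustration, and legacy .xls and .xlsb files are out of scope.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main",
    "r": "http://schemas.openxmlformats.org/officeDocument/2006/relationships",
    "p": "http://schemas.openxmlformats.org/package/2006/relationships",
}


def find_xlm_sheets(data: bytes) -> list:
    """List Excel 4.0 macro sheets in an .xlsm package: name, part, state."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy .xls is an OLE container and needs another parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        try:
            rels = ET.fromstring(zf.read("xl/_rels/workbook.xml.rels"))
            book = ET.fromstring(zf.read("xl/workbook.xml"))
        except (KeyError, ET.ParseError):
            return []  # not a readable XML workbook package
    # Macro sheet relationship types end in xlMacrosheet / xlIntlMacrosheet.
    macro_targets = {
        rel.get("Id"): rel.get("Target")
        for rel in rels.findall("p:Relationship", NS)
        if rel.get("Type", "").lower().endswith("macrosheet")
    }
    found = []
    for sheet in book.findall("m:sheets/m:sheet", NS):
        rid = sheet.get(f"{{{NS['r']}}}id")
        if rid in macro_targets:
            found.append({"name": sheet.get("name"), "part": macro_targets[rid],
                          "state": sheet.get("state", "visible")})
    return found


def build_sample(macro: bool) -> bytes:
    """Constructed minimal package for the demo; not a real workbook."""
    kind = ("http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"
            if macro else NS["r"] + "/worksheet")
    folder, name = ("macrosheets", "Macro1") if macro else ("worksheets", "Sheet1")
    state = ' state="veryHidden"' if macro else ""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/_rels/workbook.xml.rels",
                    f'<Relationships xmlns="{NS["p"]}"><Relationship Id="rId1" '
                    f'Type="{kind}" Target="{folder}/sheet1.xml"/></Relationships>')
        zf.writestr("xl/workbook.xml",
                    f'<workbook xmlns="{NS["m"]}" xmlns:r="{NS["r"]}"><sheets><sheet '
                    f'name="{name}" sheetId="1"{state} r:id="rId1"/></sheets></workbook>')
    return buf.getvalue()
```

When scanning files from untrusted sources, parse the XML with a hardened parser such as defusedxml and cap the size of each part before reading it.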

     

     

     
