Malicious Excel add-ins from the Internet attacks have skyrocket in recent time. Microsoft therefore no longer wants to allow them from March 2023 onwards.
Excel add-ins from the Internet are a major threat to security. HP's Wolf Security Threat Insights Report for the fourth quarter of 2021 highlighted a 588% increase in Microsoft Excel add-in attacks compared to the previous quarter of the year.
HP's research team found information about Excel add-in dropper and malware kits on the dark web, which allow less experienced attackers to create malware campaigns that use the Excel add-on attack vector. A growing number of malware families is using Excel add-ons to spread.
Just last month, security experts at Cisco Thalos published a threat spotlight about the use of malicious Excel add-ins by threat actors.
How Excel add-ins work
Excel add-in files, which have the .xll file extension, have been supported since Microsoft Excel 1997. Add-ins, which exist for other Office applications such as Word as well, are designed to enhance the functionality or the appearance of the application. They are provided as executable code and come in various formats.
Installation of add-ins is not identical across Office applications. Word add-ons, for example, need to be added specifically by an administrator. Excel add-ins, on the other hand, execute directly when a user double-clicks on the file name. Excel is launched directly when an Excel .xll file is loaded on a Windows machine.
A security message is displayed by Excel when an .xll file is about to be loaded into the application. Options to enable the add-in for the session or leave it disabled are provided.
XLL files may be distributed via email, on websites, chat messages, and other distribution options. Malicious Excel add-ins include event handling functions that are called when a document is opened or closed, or when other events happen. These allow the attacker to launch malicious macro code.
Excel: Blocking xll Add-ins from the Internet
Microsoft plans to block Excel add-ins from the Internet on all Office desktop and cloud platforms starting March 2023.
The company notes: "In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet".
Excel add-ins from the local machine or those downloaded from within Excel using Insert > Add-ins > Get Add-ins are not blocked.
- dabourzannan and flash13
- 2
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.