Jump to content
  • Microsoft puts a stop to Excel add-ins from the Internet


    Karlston

    • 600 views
    • 3 minutes
     Share


    • 600 views
    • 3 minutes

    Malicious Excel add-ins from the Internet attacks have skyrocket in recent time. Microsoft therefore no longer wants to allow them from March 2023 onwards.

     

    excel-add-ins.png

     

    Excel add-ins from the Internet are a major threat to security. HP's Wolf Security Threat Insights Report for the fourth quarter of 2021 highlighted a 588% increase in Microsoft Excel add-in attacks compared to the previous quarter of the year.

     

    HP's research team found information about Excel add-in dropper and malware kits on the dark web, which allow less experienced attackers to create malware campaigns that use the Excel add-on attack vector. A growing number of malware families is using Excel add-ons to spread.

     

    Just last month, security experts at Cisco Thalos published a threat spotlight about the use of malicious Excel add-ins by threat actors.

    How Excel add-ins work

    Excel add-in files, which have the .xll file extension, have been supported since Microsoft Excel 1997. Add-ins, which exist for other Office applications such as Word as well, are designed to enhance the functionality or the appearance of the application. They are provided as executable code and come in various formats.

     

    Installation of add-ins is not identical across Office applications. Word add-ons, for example, need to be added specifically by an administrator. Excel add-ins, on the other hand, execute directly when a user double-clicks on the file name. Excel is launched directly when an Excel .xll file is loaded on a Windows machine.

     

    A security message is displayed by Excel when an .xll file is about to be loaded into the application. Options to enable the add-in for the session or leave it disabled are provided.

     

    XLL files may be distributed via email, on websites, chat messages, and other distribution options. Malicious Excel add-ins include event handling functions that are called when a document is opened or closed, or when other events happen. These allow the attacker to launch malicious macro code.

    Excel: Blocking xll Add-ins from the Internet

    Microsoft plans to block Excel add-ins from the Internet on all Office desktop and cloud platforms starting March 2023.

     

    The company notes: "In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet".

     

    Excel add-ins from the local machine or those downloaded from within Excel using Insert > Add-ins > Get Add-ins are not blocked.

     

     

     

    Microsoft puts a stop to Excel add-ins from the Internet

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...