Microsoft now restricts XLM macros in Excel by default


Although many organizations still use Excel 4.0 (XLM) macros for their automation activities, Microsoft has been encouraging the transition to the more secure Visual Basic for Applications (VBA) for quite some time. This is because malicious actors frequently abuse macros to inject malware into enterprise systems, so their continued use facilitates a relatively accessible attack surface. Microsoft tried to tackle this problem to some extent by introducing runtime inspection of XLM macro code in March 2021, and today, it is taking yet another step.

Microsoft has now announced that it will restrict XLM macros by default for customers utilizing Excel. This is something that the company already hinted at back in July 2021, and the change is now rolling out publicly. By default, the Excel Trust Center option for the use of macros will indicate that the language is disabled.

That said, IT admins in organizations obviously still have the ability to modify the default behavior using Group Policy, Cloud policies, and ADMX policies, all of which are described in Microsoft's blog post here.
The new default configuration is now rolling out for the following customers:
  • Current Channel builds 2110 or greater (first released in October)
  • Monthly Enterprise Channel builds 2110 or greater (first released in December)
  • Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
  • Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)