Microsoft now restricts XLM macros in Excel by default

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,151
Content source
https://www.neowin.net/news/microsoft-now-restricts-xlm-macros-in-excel-by-default/
Although many organizations still use Excel 4.0 (XLM) macro for their automation activities, Microsoft has been encouraging the transition to the more secure Visual Basic for Applications (VBA) for quite some time. This is because malicious actors abuse macros to inject malware into enterprise systems frequently, so their continued use facilitates a relatively accessible attack surface. Microsoft tried to tackle this problem to some extent by introducing runtime inspection of XLM macro code in March 2021, and today, it is taking yet another step.

Microsoft has now announced that it will restrict XLM macros by default for customers utilizing Excel. This is something that the company already hinted at back in July 2021, and the change is now rolling out publicly. Be default, the Excel Trust Center option for the use of macros will indicate that the language is disabled.

That said, IT admins organizations obviously still have the ability to modify the default behavior using Group Policy, Cloud policies, and ADMX policies, all of which are described in Microsoft's blog post here.
Click to expand...
The new default configuration is now rolling out for the following customers:
  • Current Channel builds 2110 or greater (first released in October)
  • Monthly Enterprise Channel builds 2110 or greater (first released in December)
  • Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
  • Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)
Click to expand...
www.neowin.net

Microsoft now restricts XLM macros in Excel by default

Microsoft has announced a application policy change for customers, saying that it will now restrict the usage of Excel 4.0 (XLM) macros by default. Malicious actors often used it as an attack surface.
www.neowin.net www.neowin.net
 
Last edited:
  • Like
  • Applause
Reactions: The_King, Deletedmessiah, Andy Ful and 6 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
New Update Microsoft Excel now blocking untrusted XLL add-ins by default
Replies
0
Views
475
Office, email and business apps
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Emotet malware now distributed in Microsoft OneNote files to evade defenses
Replies
15
Views
1,214
News Archive
ForgottenSeer 98186
F
LASER_oneXM
    • Like
Qbot malware switches to new Windows Installer infection vector
Replies
0
Views
863
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top