Security News > 2022 > January > Microsoft disables Excel 4.0 macros by default to block malware
Microsoft has announced that Excel 4.0 macros will now be disabled by default to protect customers from malicious documents.
Starting July 2021, Windows admins could also use group policies and users the 'Enable XLM macros when VBA macros are enabled' setting from the Excel Trust Center to disable this feature manually.
They can also block all Excel XLM macro use in their environments by toggling on the "Prevent Excel from running XLM macros" Group Policy, configurable via Group Policy Editor or registry key.
XLM macros are disabled by default in the September fork, Excel version 16.0.14527.
Even though VBA-based macros were introduced with the release of Excel 5.0, threat actors are still using them more than two decades later to create documents that deploy malware or perform other malicious behavior.
Microsoft also silently added a Group Policy in October 2019 that allows admins to block Excel users from opening untrusted Microsoft Query files with IQY, OQY, DQY, and RQY extensions.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- Microsoft says it's not using your Word, Excel data for AI training (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)