Microsoft is disabling Excel 4.0 macros by default to protect users
Reading Time: 1 Minute
Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents.
Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that are then executed to perform a task.
While VBA macros were introduced in Excel 5.0, threat actors continue to XLM macros twenty years later in malicious documents that download malware or perform other unwanted behavior.
Malicious campaigns utilizing Excel 4.0 XLM macros include ones for malware, such as TrickBot, Qbot, Dridex, Zloader, and many more.
Due to their continued abuse, Microsoft has been recommending users switch from and disable Excel 4.0 XLM macros for years in favor of VBA macros. This recommendation is because VBA macros support the Antimalware Scan Interface (AMSI), which can be used by security software to scan macros for malicious behavior.
See Also: Complete Offensive Security and Ethical Hacking Course
To disable Excel 4.0 macros, Windows admins can use group policies to disable the feature, and users can disable it via the Excel Trust Center using the Enable XLM macros when VBA macros are enabled setting.
Microsoft to disable Excel 4.0 macros in all tenants
Instead of waiting for organizations to disable XLM macros on their own, Microsoft announced yesterday that they would be disabling Excel 4.0 macros by default starting in October in preview builds and then moving onto the current channel in November.
“We are introducing a change to the Excel Trust Center Macro settings to provide a more secure experience for users by default. This new default behavior will disable Excel 4.0 macros,” explained an advisory in the Microsoft 365 message center.
See Also: Apple Pay with VISA lets hackers force payments on locked iPhones
Microsoft will begin disabling Excel 4.0 macros in all tenants using this rollout schedule:
- Insiders-Slow: will rollout in late October and be complete in early November.
- Current Channel: will rollout in early November and be complete in mid-November.
- Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.
Microsoft will not be making any changes for users who have manually configured this setting or configured it via group policies.
See Also: Offensive Security Tool: URL Hunter
See Also: Hacking stories – Operation Aurora: When China hacked Google
Source: www.bleepingcomputer.com
(Click Link)
Recent News
New Ghost Tap Attack: The Next-Level Credit Card Scam Exploiting Apple Pay and Google Pay
Apple Rushes to Patch Two Zero-Day Exploits Targeting Intel-Based Macs
Chinese Hackers Exploit Zero-Day in FortiClient VPN with ‘DeepData’ Toolkit
Critical Flaw in Popular WordPress Plugin Puts Millions of Websites at Risk
Glove Stealer Malware Evades Chrome’s App-Bound Encryption to Target Cookies
New RustyAttr Trojan Evades macOS Security Using Hidden Metadata
GoIssue: Sophisticated Phishing Tool Targets GitHub Developer Credentials
New Ymir Ransomware Launches In-Memory Attacks Post-RustyStealer Infections
North Korean Hackers Deploy MacOS Malware with Unseen Stealth to Hijack Crypto Firms
Winos4.0 Malware Framework Uses Gaming Apps to Infiltrate Windows Systems
