Excel 4.0 (XLM) macros are now disabled by default, Microsoft has confirmed. In a Tech Community blog post, the company revealed that the change has been made to better protect customers against “related security threats” coming by way of spreadsheets.
Back in July 2021, the company introduced a new Excel Trust Center setting option, allowing administrators to restrict the use of Excel 4.0 (XLM) macros. It has now made this option the default for everyone. Administrators can use existing Microsoft 365 applications policy control to configure this setting, the announcement reads. The Group Policy setting “Macro Notification Settings” for Excel can be found in the following path and registry key:
Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.
Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\excel\security
Malicious actors typically abuse macros
Furthermore, administrators can manage this policy setting with both cloud policies and ADMX policies. They can also completely block all XLM macro usage, including in new user-created files, by enabling the Group Policy “Prevent Excel from running XLM macros”, Microsoft added.
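To check what a given user profile actually has configured under that registry key, the following added PowerShell example (not from Microsoft's announcement or the original article) reads the policy key and summarises the XLM-related state. The value names `VBAWarnings` and `XL4MacroOff` and the meaning of their values are not given in the article; they are assumptions based on the Office ADMX templates and should be verified against the template version you deploy.

```powershell
# Added example: audit the per-user Excel macro policy key named in the article.
# Assumption: value names VBAWarnings ("Macro Notification Settings") and
# XL4MacroOff ("Prevent Excel from running XLM macros") come from the Office
# ADMX templates, not from the article. Verify against your ADMX version.
$ExcelPolicyKey = 'HKCU:\SOFTWARE\Policies\Microsoft\Office\16.0\excel\security'

function Get-ExcelXlmPolicy {
    param([string]$Path = $ExcelPolicyKey)

    $state = [ordered]@{
        KeyPresent  = Test-Path -LiteralPath $Path
        VBAWarnings = $null
        XL4MacroOff = $null
        Assessment  = $null
    }

    if ($state.KeyPresent) {
        $props = Get-ItemProperty -LiteralPath $Path
        foreach ($name in 'VBAWarnings', 'XL4MacroOff') {
            # Only record values that are explicitly set by policy.
            if ($props.PSObject.Properties.Name -contains $name) {
                $state[$name] = [int]$props.$name
            }
        }
    }

    if ($state.XL4MacroOff -eq 1) {
        $state.Assessment = 'XLM macros are fully blocked by policy.'
    }
    elseif ($null -eq $state.VBAWarnings -and $null -eq $state.XL4MacroOff) {
        # No policy: behaviour depends on the installed build's default.
        $state.Assessment = 'No policy set; the Excel build default applies.'
    }
    else {
        $state.Assessment = 'Macro notification policy set; XLM not fully blocked by policy.'
    }

    [pscustomobject]$state
}

Get-ExcelXlmPolicy | Format-List
```

Because the key lives under HKEY_CURRENT_USER, run it in the context of the user being audited; a result of "No policy set" on a build older than those listed in the article means XLM macros are still governed by the older default.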
Excel 4.0 (XLM) macros were the default format until 1993, and although they have since been discontinued, they can still be run by the latest versions of the Office program. That makes them ideal for threat actors, who have been abusing them to push malware such as TrickBot, Zloader, Qbot, Dridex, ransomware, and many other malicious programs, BleepingComputer reminds.
The publication also reminds that in October 2019, Microsoft added a new Group Policy, allowing administrators to block Excel users from opening untrusted Microsoft query files with IQY, OQY, DQY and RQY extensions. It claims that these files have been weaponized in “numerous malicious attacks” to deliver remote access Trojans and malware for years.
XLM is disabled by default in version 16.0.14527.20000+, Current Channel builds 2110 or greater, Monthly Enterprise Channel builds 2110 or greater, Semi-Annual Enterprise Channel (Preview) builds 2201 or greater, and Semi-Annual Enterprise Channel builds 2201 or greater (coming this July).