Microsoft will soon disable Excel 4.0 XLM macros by default to protect people’s PCs. Threat actors can place XLM macros into malicious documents that download malware onto the computers of unsuspecting victims. The switch will disable these types of macros by default in Microsoft 365 tenants.
Instead of Excel 4.0 XLM macros, Microsoft recommends that people use VBA macros. The company has pushed people towards these more secure macros for years but will now take that push further by disabling Excel 4.0 XLM macros by default. VBA macros support the Antimalware Scan Interface (AMSI), which can scan documents for malware and other dangerous content.
Windows admins can disable XLM macros through the Excel Trust Center, though soon Microsoft will disable Excel 4.0 macros by default. Preview builds will have XLM macros disabled by default in October, and the change will roll out to the Current Channel in November (via Bleeping Computer).
The details of the switch were shared on Twitter by Omri Segev Moyal:
- Insiders-Slow: will roll out in late October and be complete in early November.
- Current Channel: will roll out in early November and be complete in mid-November.
- Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.
If admins or individuals have already manually configured settings related to XLM macros, Microsoft won’t change those settings.