Excel 4.0 Macros Will Be Disabled in Order to Protect Users
Microsoft Will Begin to Disable Excel 4.0 XLM Macros.
Last updated on October 8, 2021
The macros that will be disabled by default are found in Microsoft 365. The company is aiming to protect its customers from malicious documents by taking this action.
What Are Excel 4.0 Macros?
Excel 4.0 macros, also known as XLM macros, were introduced in 1992 and allowed users to input instructions into cells, which were subsequently performed to complete a job.
Threat actors continue to use XLM macros in malicious documents to download malware or do other undesirable activity twenty years after VBA macros were introduced in Excel 5.0.
Malicious campaigns that use Excel 4.0 XLM macros include TrickBot, Qbot, Dridex, Zloader, and a variety of others.
For years, Microsoft has recommended that users switch from and disable Excel 4.0 XLM macros in favor of VBA macros due to their continuing misuse.
As the VBA macros enable the Antimalware Scan Interface (AMSI), they may be used by security applications to scan macros for harmful activity.
Users can deactivate Excel 4.0 macros using the Excel Trust Center’s Enable XLM macros when VBA macros are enabled setting. Windows admins can disable the functionality via group policies, and users can stop it via the Excel Trust Center’s Enable XLM macros when VBA macros are enabled setting.
Instead of waiting for businesses to disable XLM macros on their own, Microsoft said yesterday that starting in October, preview builds would disable macros by default in Excel 4.0, with the current channel following in November.
We are introducing a change to the Excel Trust Center Macro settings to provide a more secure experience for users by default. This new default behavior will disable Excel 4.0 macros.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.