article featured image


The macros that will be disabled by default are found in Microsoft 365. The company is aiming to protect its customers from malicious documents by taking this action.

What Are Excel 4.0 Macros?

Excel 4.0 macros, also known as XLM macros, were introduced in 1992 and allowed users to input instructions into cells, which were subsequently performed to complete a job.

Threat actors continue to use XLM macros in malicious documents to download malware or do other undesirable activity twenty years after VBA macros were introduced in Excel 5.0.

Malicious campaigns that use Excel 4.0 XLM macros include TrickBot, Qbot, Dridex, Zloader, and a variety of others.

For years, Microsoft has recommended that users switch from and disable Excel 4.0 XLM macros in favor of VBA macros due to their continuing misuse.

As the VBA macros enable the Antimalware Scan Interface (AMSI), they may be used by security applications to scan macros for harmful activity.

Users can deactivate Excel 4.0 macros using the Excel Trust Center’s Enable XLM macros when VBA macros are enabled setting. Windows admins can disable the functionality via group policies, and users can stop it via the Excel Trust Center’s Enable XLM macros when VBA macros are enabled setting.

Instead of waiting for businesses to disable XLM macros on their own, Microsoft said yesterday that starting in October, preview builds would disable macros by default in Excel 4.0, with the current channel following in November.

We are introducing a change to the Excel Trust Center Macro settings to provide a more secure experience for users by default. This new default behavior will disable Excel 4.0 macros.


As explained by BleepingComputer, Microsoft will begin disabling Excel 4.0 macros in all tenants using this rollout schedule:

  • Insiders-Slow: will roll out in late October and be complete in early November.
  • Current Channel: will roll out in early November and be complete in mid-November.
  • Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.

Users who have personally defined this setting or who have specified it via group policies will not see any updates from Microsoft.

When the change takes effect, the setting Enable XLM macros when VBA macros are enabled will be disabled by default, preventing XLM macros from being used.

Users who want to activate XLM macros once the deployment is complete can do so via the Excel Trust Center, according to Microsoft.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo