Microsoft revealed its intention to disable Excel 4.0 macros or XLM macros for all Microsoft 365 users in a recent email sent to its customers.
First introduced in 1992 with the release of Excel 4.0, XLM macros allow corporate spreadsheet users to enter complex formulas into Excel cells capable of executing commands both within the program itself and in the local file system of a Windows computer. Although XLM macros were replaced by VBA-based macros with the release of Excel 5.0, Microsoft has continued to support this legacy functionality over the years.
Although macros are convenient for Excel users, they have also been repeatedly abused by cybercriminals in their attacks. This is because, once activated in a malicious document, they can give a malicious actor additional control over a user’s system to install malware or carry out other attacks.
With more people working from home than ever in the past year, there has been a dramatic increase in the number of malware strains and cybercriminals abusing XLM macros in their attacks. Things got so bad that Microsoft even went to the trouble of adding XLM macro support to Microsoft 365’s Antimalware Scan Interface (AMSI) in March of this year in an effort to help antivirus software deal with this type of attack.
Disabled by default
Following the request from software vendors to disable XLM macros by default in its office software, Microsoft is now tackling the problem head-on.
In a recent email sent to Microsoft 365 customers, the company outlined its plan to turn off the feature in three steps, according to The Record. The feature will be disabled by default for Microsoft 365 Insiders starting at the end of this month, those in the Current Channel will see it disabled in early November, and the Monthly Enterprise Channel (MEC) will have XLM macros disabled by default in December.
These efforts may not be enough for security researchers, as they are now asking Microsoft to disable VBA macros by default as well.
If you want to turn off XLM macros now, you should check out this Microsoft support document that explains exactly how to remove the functionality from Excel.
Via The Record