Microsoft is preparing to disable Excel 4.0 XLM macros by default for all Microsoft 365 subscribers to protect users from malicious documents.
The Excel 4.0 macro, also known as the XLM macro, was added to Excel in 1992. It lets users enter commands into cells to perform a task.
Although VBA macros were introduced in Excel 5.0, bad guys have continued to use XLM macros over the years to trick users into downloading malware or performing other undesirable actions. Reported cyberattack campaigns using Excel 4.0 XLM macros include TrickBot, Qbot, Dridex and Zloader.
Because Excel 4.0 XLM macros are constantly abused, Microsoft has for many years recommended that users disable this feature and switch to VBA macros. This is because VBA macros are covered by the Antimalware Scan Interface (AMSI), which security software can use to scan macros for malicious code.
An administrator of an organization or enterprise can disable Excel 4.0 macros by using Group Policy. Users, meanwhile, can turn them off with the "Enable XLM macros when VBA macros are enabled" setting in the Excel Trust Center.
Microsoft prepares to disable Excel 4.0 XLM macros by default
Instead of waiting for organizations, businesses, and users to manually disable XLM macros, Microsoft has just announced that it will disable Excel 4.0 XLM macros by default starting in early October in the beta. It will then apply this setting to the final build.
The specific schedule is as follows:
Microsoft will not make any changes for users who have disabled XLM macros manually or through Group Policy. Of course, if you want, you can still enable XLM macros after Microsoft locks them by visiting the Excel Trust Center.
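To find workbooks that still carry Excel 4.0 macro sheets before the default changes, the following added example (not from Microsoft or the original article) lists macro sheets in zip-based workbooks such as .xlsm by reading the workbook relationships. The function names, the size limit and the sample package are assumptions constructed for illustration; legacy binary .xls files are not parsed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAIN = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
RELS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
R_ID = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}id"
XLM_REL = "http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"
MAX_PART = 5 * 1024 * 1024  # assumed cap on an XML part (zip-bomb guard)

def _xml(z, name):
    if z.getinfo(name).file_size > MAX_PART:  # KeyError if the part is absent
        raise ValueError(f"{name}: part too large")
    raw = z.read(name)
    if b"<!DOCTYPE" in raw:  # workbook parts need no DTD; refuse entity tricks
        raise ValueError(f"{name}: unexpected DTD")
    return ET.fromstring(raw)

def find_xlm_sheets(data):
    """Return (sheet name, visibility, part path) for each Excel 4.0 macro sheet."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy binary .xls is out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        try:
            rels = _xml(z, "xl/_rels/workbook.xml.rels")
            book = _xml(z, "xl/workbook.xml")
        except KeyError:
            return []  # zip archive, but not a workbook package
    # Macro sheets are told apart from worksheets by their relationship type.
    targets = {r.get("Id"): r.get("Target") for r in rels.iter(RELS + "Relationship")
               if r.get("Type") == XLM_REL}
    return [(s.get("name"), s.get("state", "visible"), targets[s.get(R_ID)])
            for s in book.iter(MAIN + "sheet") if s.get(R_ID) in targets]

def sample_workbook():
    """Constructed minimal package (not openable in Excel): one worksheet,
    one very hidden macro sheet."""
    ws = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet"
    rels = (f'<Relationships xmlns="{RELS[1:-1]}">'
            f'<Relationship Id="rId1" Type="{ws}" Target="worksheets/sheet1.xml"/>'
            f'<Relationship Id="rId2" Type="{XLM_REL}" Target="macrosheets/sheet1.xml"/>'
            '</Relationships>')
    book = (f'<workbook xmlns="{MAIN[1:-1]}" xmlns:r="{R_ID[1:-3]}"><sheets>'
            '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
            '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
            '</sheets></workbook>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/_rels/workbook.xml.rels", rels)
        z.writestr("xl/workbook.xml", book)
    return buf.getvalue()
```

A macro sheet reported with the state "hidden" or "veryHidden" is worth a closer look, since it is not shown among the workbook's sheet tabs.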