Microsoft has made an important change to its Excel spreadsheet software (opens in a new tab) which should increase the security of users around the world.
In the summer of 2022, Microsoft decided to finally put an end to the abuse of macros in Office files that were widely used to spread malware to targeted endpoints, prompting Microsoft to block all macros in Office files downloaded from the Internet.
Since then, hackers have been experimenting with alternative methods of delivering various malicious programs, and one of the methods has become popular – XLL add-ons.
XLL files are essentially DLL files that Excel users can add to extend the program’s functionality with things like dialog boxes, custom functions, or toolbars. As such, they presented the next best way to deploy malware, after macros.
Now, in a new announcement, Microsoft said that Excel blocks all untrusted XLL add-ins by default in Microsoft 365 tenants worldwide.
The change was first announced in early January this year when the company added it to the Microsoft 365 roadmap and made it available to Insiders for testing.
Today, two months later, it makes this feature available to all other users. By the end of March, all desktop users in the Current, Monthly Enterprise, and Semi-Annual Enterprise channels should receive this extra layer of protection.
“We’re making a default change for Excel Windows desktop applications that run XLL add-ins: XLL add-ins from untrusted locations will now be blocked by default,” Microsoft said. “We have already completed the Insiders Preview. We will start rolling out in early March and expect to be finished by the end of March.”
After the change is complete, users will be notified that they are trying to run XLL-supported content from an untrusted location. The notification will explain what the potential risks are and provide more information on how to keep users safe.
With the release of the update, it is safe to assume that malware delivery via hash files (.LNK) will become even more popular.
By: Beeping Computer (opens in a new tab)