Microsoft bans all Microsoft 365 users from using the Excel 4.0 XLM macro function
Macro functions can make Microsoft Office very powerful. Users can write macros to achieve various functions or automate them to reduce workload.
Unfortunately, the malware also uses macro functions to actively spread viruses, which is a huge threat to business users because such attacks have never stopped.
The Excel 4.0 XLM macro was originally a feature added by Microsoft in 1992. Due to the lack of certain security support, the threat of XLM macros is higher than that of VBA macros.
For example, notorious malware such as TrickBot, Qbot, Dridex, Zloader, etc. all use XLM macros, so Microsoft decided to directly disable XLM macros.
VBA macros support the AMSI interface, which allows security software to scan and find malicious behaviors. Therefore, if you want to use macros, it is recommended to use VBA instead of XLM macros.
Microsoft will disable the use of Excel 4.0 XLM macros by Microsoft 365 subscribers in batches starting this month. Of course, users can enable it if they really need it.
By the end of this year, XLM macros will be disabled in either the preview version, the stable version, or the enterprise channel. At the same time, Microsoft will enable VBA-based macro functions by default.
If the enterprise administrator has deployed the relevant policies, Microsoft will not perform the operation, and the consumer can modify the configuration policy if the user needs to use it.
Phishing documents based on macro functions have not decreased in recent years, but have soared. For ordinary users, disabling macro functions can significantly improve security.
Usually, this kind of phishing document is to pretend to be some company or official name, send the phishing document to the user, and induce the user to click the prompt at the top to enable the macro.
Once you enable the click to enable the macro, you may be infected with malicious code by executing malicious code. In fact, this kind of document is very common in enterprises but still attracts a lot of people.
Therefore, the best solution is if you do not need to use macros, whether you are a normal consumer or a corporate employee, then directly disabling macros can solve this type of problem.
To disable Excel 4.0 macros, Windows admins can use group policies to disable the feature, and users can disable it via the Excel Trust Center using the Enable XLM macros when VBA macros are enabled setting.
Via: bleepingcomputer