Microsoft has disabled Microsoft Excel 4.0 XLM macros by default due to security concerns
Today, the macro function is also the carrier with the highest rate of use by hackers in BEC (Business email compromise). Attackers embed malicious macro files into documents and induce corporate office or financial personnel to open them, thereby breaking through corporate defenses and directly damaging the entire intranet.
In July 2021, Microsoft announced that it will add an option to limit the running of macros in Excel, and disabling the macro function can improve security for most users. This option has now become the default option for Excel, which means that all users of Excel will have macros disabled by default as long as they are updated online. If users really want to use this function, they need to manually turn it on in the trust center. Of course, most users do not need to use this function, and disabling it will not have any effect.
The most common method used by hackers in BECs is to forge purchase orders, financial notes, and other receipts to induce users to click-enable macros after receiving the document. By default, Microsoft will also prevent macros from running and issue a warning, but some office workers will still be tricked into turning on the macro function according to the copy set by the hacker. After disabling the Excel 4.0 XLM macro function, the steps to enable macros in the future are more complicated. Microsoft hopes to reduce the probability of enterprise users being recruited in this way.
Via: Neowin