Microsoft has disabled Microsoft Excel 4.0 XLM macros by default due to security concerns

by · Published · Updated

Macros are a very popular feature in office software suites, and users with a technical background can use macros to write batches of code to be able to perform certain tasks. However, since code is involved, security problems will inevitably arise. For example, hackers use macro functions to write malicious scripts and then induce users to load viruses. In fact, the macro function has been widely used by hackers since its appearance.

Today, the macro function is also the carrier with the highest rate of use by hackers in BEC (Business email compromise). Attackers embed malicious macro files into documents and induce corporate office or financial personnel to open them, thereby breaking through corporate defenses and directly damaging the entire intranet.

In July 2021, Microsoft announced that it will add an option to limit the running of macros in Excel, and disabling the macro function can improve security for most users. This option has now become the default option for Excel, which means that all users of Excel will have macros disabled by default as long as they are updated online. If users really want to use this function, they need to manually turn it on in the trust center. Of course, most users do not need to use this function, and disabling it will not have any effect.

The most common method used by hackers in BECs is to forge purchase orders, financial notes, and other receipts to induce users to click-enable macros after receiving the document. By default, Microsoft will also prevent macros from running and issue a warning, but some office workers will still be tricked into turning on the macro function according to the copy set by the hacker. After disabling the Excel 4.0 XLM macro function, the steps to enable macros in the future are more complicated. Microsoft hopes to reduce the probability of enterprise users being recruited in this way.

Via: Neowin

Tags: