Microsoft to disable old-school macros to shield users from attacks

XLM macros will be disabled by default for Microsoft 365 users late this year

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas revealed its plan to disable Excel 4.0 macros or XLM macros for allMicrosoft 365users in a recent email sent out to its customers.

First introduced back in 1992 with the release of Excel 4.0,XLM macrosallow users of the company’sspreadsheet softwareto enter complex formulas inside Excel cells capable of executing commands both in the program itself and in a Windows computer’s local file system. Although XLM macros were replaced by VBA-based macros when Excel 5.0 was released, Microsoft has continued supporting this legacy feature over the years.

Although macros are convenient forExcelusers, they have also been repeatedly abused by cybercriminals in their attacks. This is because, once enabled in a malicious document, they can give a threat actor additional control over a user’s system to installmalwareor carry out other attacks.

With more peopleworking from homethan ever before last year, there was a huge uptick in the number of malware strains and cybercriminals abusing XLM macros in their attacks. Things got so bad that Microsoft even went to the trouble of adding XLM macro support to Microsoft 365’s Antimalware Scan Interface (AMS) in March of this year in an effort to helpantivirus softwaredeal with these kinds of attacks.

Disabled by default

Following request from software companies that XLM Macros be disabled by default inside itsoffice software, Microsoft is now tackling the issue head on.

In a recent email sent to Microsoft 365 customers, the company laid out its plan to disable the feature across three stages according toThe Record. The feature will be disabled by default for Microsoft 365 Insiders beginning at the end of this month, those on the current channel will see it disabled in early November and the Monthly Enterprise Channel (MEC) will have XLM macros disabled by default in December.

These efforts may not be enough for security researchers though as they are now asking Microsoft to also disableVBA macrosas default.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

If you want XLM macros disabled now, you should check out thissupport documentfrom Microsoft which lays out exactly how to remove the feature from Excel.

ViaThe Record

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well