Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Plans to Block All Downloaded Excel XLL Add-Ins

Microsoft is planning to make its Office apps more secure by blocking all Excel XLL add-ins downloaded from the internet. The company explained that this move should help to prevent malicious actors from abusing this popular avenue to target Microsoft 365 customers worldwide.

Essentially, XLL files are dynamic-link libraries (DLLs) that enable users to use third-party tools and functions in Microsoft Excel. These files provide additional functionalities (such as dialog boxes, toolbars, and custom functions) that aren’t natively a part of the software.

Last year, Microsoft announced that it’s blocking Visual Basic for Applications (VBA) macros default in Word, Excel, and PowerPoint. Since then, threat actors have been looking for alternative methods (like LNK files and Excel XLL files) to deploy malware payloads. Security researchers have warned that attackers are increasingly using these techniques for data theft, ransomware attacks, and other cybercrime.

“For quite some time after that, the usage of XLL files is only sporadic and it does not increase significantly until the end of 2021, when commodity malware families such as Dridex and Formbook started using it,” explained Vanja Svajcer, Outreach Researcher for Talos.

Microsoft to close malware backdoors by blocking Excel XLL files

To address this problem, Microsoft will soon block all Excel XLL add-ins downloaded from the internet in its Office apps. “In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet,” the company said on the Microsoft 365 roadmap.

Overall, this move is a part of Microsoft’s ongoing efforts to block hackers from leveraging malicious Office documents to compromise Windows systems. It should help to prevent them from remotely accessing machines, monitoring activity, and stealing data. The Microsoft 365 listing suggests that this change will begin rolling out in the Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel in March.

by Rabia Noureen
Jan 26, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Grant Full Mailbox Access to Users in Office 365 and Exchange Server

Aug 4, 2023
Aug 08, 2023
Microsoft and AI: What Is the Copilot Semantic Index and How Does It Work?

Feb 6, 2024
Mar 21, 2024
Nested Microsoft 365 Groups: What You Need to Know

Jul 12, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.