Microsoft Restricts Excel 4.0 Macros by Default to Protect Users from Malware

Last Update: Sep 04, 2024 | Published: Jan 21, 2022

SHARE ARTICLE

Microsoft Restricts Excel 4.0 Macros by Default to Protect Users from Malware

Microsoft unveiled its plans to disable Excel 4.0 XLM macros by default back in October 2021. The company has now announced that this application policy change is now rolling out to all Microsoft 365 tenants and it aims to protect customers from malicious documents.

For those unfamiliar with Excel 4.0 macros (XLM), this is a record-and-playback feature that was first introduced in Excel version 4.0 back in 1992. It lets enterprise customers create programming code (macros) to help them automate their repetitive tasks. Microsoft has been encouraging organizations to migrate to the secure Visual Basic for Applications (VBA) macros in response to increased XLM-based malware attacks, including Qbot, TrickBot, Zloader, and Dridex.

Microsoft disables Excel 4.0 macros in all tenants

Now, Microsoft plans to reduce the attack surface by actively restricting XLM macros by default for all Excel users. However, IT Administrators will be able to manage this policy setting via Group, Cloud and ADMX policies, and you can find more details in the Microsoft Excel blog post.

“As planned, we have now made this setting the default when opening Excel 4.0 (XLM) macros. This will help our customers protect themselves against related security threats,” the company explained.

Microsoft has also provided a timeline for the rollout of the new default configuration across all tenants:

  • Current Channel builds 2110 or greater (first released in October)
  • Monthly Enterprise Channel builds 2110 or greater (first released in December)
  • Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
  • Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)

It is important to note that this new policy applies to all Microsoft 365 subscribers running Excel build 16.0.14427.20000 (or newer). For enhanced security, IT admins can use group policies to completely disable all Excel 4.0 macros in their respective tenants.

In related news, Microsoft is also changing the security policy for Office 365 apps by allowing admins to block Active Content on Trusted Documents. The company plans to roll out this new feature to Microsoft 365 subscribers next month.

SHARE ARTICLE