Microsoft to disable old-school macros to shield users from attacks

News
By published

XLM macros will be disabled by default for Microsoft 365 users late this year

Excel on a Laptop
(Image credit: Microsoft)

Microsoft has revealed its plan to disable Excel 4.0 macros or XLM macros for all Microsoft 365 users in a recent email sent out to its customers.

First introduced back in 1992 with the release of Excel 4.0, XLM macros allow users of the company's spreadsheet software to enter complex formulas inside Excel cells capable of executing commands both in the program itself and in a Windows computer's local file system. Although XLM macros were replaced by VBA-based macros when Excel 5.0 was released, Microsoft has continued supporting this legacy feature over the years.

Although macros are convenient for Excel users, they have also been repeatedly abused by cybercriminals in their attacks. This is because, once enabled in a malicious document, they can give a threat actor additional control over a user's system to install malware or carry out other attacks.

With more people working from home than ever before last year, there was a huge uptick in the number of malware strains and cybercriminals abusing XLM macros in their attacks. Things got so bad that Microsoft even went to the trouble of adding XLM macro support to Microsoft 365's Antimalware Scan Interface (AMS) in March of this year in an effort to help antivirus software deal with these kinds of attacks.

Disabled by default

Following request from software companies that XLM Macros be disabled by default inside its office software, Microsoft is now tackling the issue head on.

In a recent email sent to Microsoft 365 customers, the company laid out its plan to disable the feature across three stages according to The Record. The feature will be disabled by default for Microsoft 365 Insiders beginning at the end of this month, those on the current channel will see it disabled in early November and the Monthly Enterprise Channel (MEC) will have XLM macros disabled by default in December.

These efforts may not be enough for security researchers though as they are now asking Microsoft to also disable VBA macros as default.

If you want XLM macros disabled now, you should check out this support document from Microsoft which lays out exactly how to remove the feature from Excel.

Via The Record

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Outlook
Dangerous Microsoft Outlook flaw could let hackers send out malware via email
Fingertip pressing keyboard key with Windows logo on it
Hackers are abusing Microsoft tools more than ever before
A Microsoft Surface Laptop being shown at Microsoft's Copilot Plus PC Showcase
Microsoft is officially cutting support for Office apps on Windows 10, so update now
Phone scammer
Microsoft thinks it could stop this dangerous scam forever
Ransomware
Microsoft spies a new and worrying macOS malware strain
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
US government warns users to patch this critical Microsoft Outlook bug
Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Meet create custom backgrounds
More AI features are coming to Google Workspace
Elayne, Egwene, and Nynaeve dressed regally and on horseback in The Wheel of Time season 3
'There's a reason why we do it': The Wheel of Time showrunner responds to fans who are still upset over the Prime Video show's plot alterations
More about security
Google Chrome dark mode

Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Trump

Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
China

Chinese hackers targeting Juniper Networks routers, so patch now
See more latest
Most Popular
China
Chinese hackers targeting Juniper Networks routers, so patch now
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Bolt Zeus 2c26-032 PCIe card
This GPU vendor I've never heard of claims its card is 10x faster than an Nvidia RTX 5090 at real time path tracing
Google Meet create custom backgrounds
More AI features are coming to Google Workspace
A mockup of the possible Apple M3 Ultra logo
Performance isn't the only reason you should buy Apple's M3 Ultra Mac Studio - it's reportedly one of the most power-efficient processors too
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Apple products all showing different versions of the Apple Photos app
Apple Photos could actually win you over in iOS 18.4 – here are 4 improvements that are coming
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
JBL Charge 6
JBL's new Bluetooth speakers bring all the upgrades I most wanted to see, and they're coming soon
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'