Microsoft has revealed its plan to disable Excel 4.0 macros, also known as XLM macros, for all Microsoft 365 users in a recent email sent out to its customers.
First introduced back in 1992 with the release of Excel 4.0, XLM macros allow users of the company’s spreadsheet software to enter complex formulas inside Excel cells capable of executing commands both in the program itself and in a Windows computer’s local file system. Although XLM macros were replaced by VBA-based macros when Excel 5.0 was released, Microsoft has continued supporting this legacy feature over the years.
Although macros are convenient for Excel users, they have also been repeatedly abused by cybercriminals in their attacks. This is because, once enabled in a malicious document, they can give a threat actor additional control over a user’s system to install malware or carry out other attacks.
With more people working from home than ever before, last year saw a huge uptick in the number of malware strains and cybercriminals abusing XLM macros in their attacks. Things got so bad that Microsoft even went to the trouble of adding XLM macro support to Microsoft 365’s Antimalware Scan Interface (AMSI) in March of this year in an effort to help antivirus software deal with these kinds of attacks.
The company laid out its plan to disable the feature in three stages, according to The Record. The feature will be disabled by default for Microsoft 365 Insiders beginning at the end of this month, those on the Current Channel will see it disabled in early November, and the Monthly Enterprise Channel (MEC) will have XLM macros disabled by default in December.
These efforts may not be enough for security researchers, though, as they are now asking Microsoft to also disable VBA macros by default.