September 21, 2023

Microsoft is planning  to block all XLL add-in files downloaded from the internet automatically for its 265 customers by March 2023 to prevent phishing attacks relying on these types of lures.

The abuse of Microsoft add-ins by adversaries is a technique that has been used by threat actors for years to execute malicious code.  The Microsoft Office Suite evolving as a widespread deployment and is an attractive mechanism for adversaries to carry out attacks due to its ubiquity in corporate environments and personal machines.

Advertisements

The rise in the spread of malicious Microsoft add-ins is possibly connected to the recent hardening of macros implemented by Microsoft in the Office Suite last year.

Since microsoft is decided to close or reduce the attack surface, this might lead the threat actors to explore or discover other mechanisms to achieve their objectives

For now,  it’s unclear at this point whether just going to be a warning that users can easily click through, a more proactive ‘off by default’ setting, or whether they are going to disable it entirely for XLL files downloaded from the internet.

Tags:

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: