Microsoft Excel has made an important security move to keep your data safe
Microsoft has made a major change to its Excel spreadsheet software (opens in new tab) which should make it safer for users around the world.
In the summer of 2022, Microsoft finally decided to end the abuse of macros in Office files, which were widely used to deploy malware on target endpoints, leading Microsoft to remove all macros in Office files downloaded from the Internet, blocked.
Since then, hackers have started experimenting with alternative methods of delivering various malware payloads, and one method became popular: XLL add-ins.
Roll out the feature
XLL files are essentially DLLs that Excel users can add to extend the program’s functionality with things like dialog boxes, custom functions, or toolbars. As such, they presented the next best way to deploy malware, after macros.
Now, in a new announcement, Microsoft said Excel is blocking all untrusted XLL add-ins by default in Microsoft 365 tenants worldwide.
The change was first announced in early January this year when the company added it to the Microsoft 365 roadmap and rolled it out to Insiders for testing.
Today, two months later, it is rolling out the feature to all other users. By the end of March, all desktop users in the Current, Monthly Enterprise, and Semi-Annual Enterprise channels should get this additional layer of protection.
We are introducing a default change for Excel Windows desktop apps that run XLL add-ins: XLL add-ins from untrusted locations are now blocked by default. “We have already completed the rollout to Insiders Preview. We will begin the rollout in early March and expect to be complete by the end of March.”
Once the change is complete, users will be notified when they try to run XLL-powered content coming in from an untrusted location. The notification explains the potential risks and shares more information on how to keep users safe.
Once the update rolls out, it’s safe to assume that delivering malware with shortcut files (.LNK) will become even more popular.
Through: Beeping computer (opens in new tab)