Microsoft Restricts Excel 4.0 Macros By Default To Contain Malware Attacks Via Malicious Documents

Macro-enabled documents have long been a potent vector for malware. Microsoft now blocks such attack attempts by disabling Excel 4.0 macros by default.

Microsoft Excel 4.0 Macros Disabled By Default

As elaborated in a recent post, Microsoft has disabled Excel 4.0 (XLM) macros by default in the latest Excel builds.

Macros are a powerful Excel feature that lets users perform repetitive activities with ease. By definition, a macro is a set of instructions that a user creates once so that a repeated activity on a data set can be run later without exhaustive manual commands. According to Microsoft’s description,

If you have tasks in Microsoft Excel that you do repeatedly, you can record a macro to automate those tasks. A macro is an action or a set of actions that you can run as many times as you want. When you create a macro, you are recording your mouse clicks and keystrokes.

Despite being useful, macros are a common attack vector for threat actors. Enabling macros on malicious documents often leads to malware attacks that execute without warnings. Given the sneaky nature of this attack strategy, threat actors frequently exploit it for malicious activities such as phishing and ransomware attacks.

Therefore, Microsoft decided to contain this matter by disabling Excel 4.0 macros. The tech giant first rolled out this setting in July 2021 as an optional feature. Then, with the September fork, Microsoft made it the default, gradually rolling it out to recent Excel versions. Hence, Excel build 16.0.14427.10000 and later now have Excel 4.0 macros disabled as the default setting.

Nonetheless, users can change this setting and re-enable these macros. The option is found in Microsoft Excel under File > Options > Trust Center > Trust Center Settings > Macro Settings.


While users can choose to enable macros, Microsoft advises users to remain cautious due to the underlying security risks.
