Microsoft has made a significant change to its Excel spreadsheet software (opens in a new tab) that should make it more secure for users around the world.
In the summer of 2022, Microsoft finally decided to end the misuse of macros in Office files, which were widely used to deploy malware to target devices, which led to Microsoft blocking all macros in Office files. Office downloaded from the Internet.
Since then, hackers have started experimenting with alternative methods of delivering various malware payloads, and one methodology has become popular: XLL plugins.
Implementation of functions
XLL files are basically DLL files that Excel users can add to extend the functionality of the program with things like dialog boxes, custom functions, or toolbars. As such, they presented the best way to deploy malware, after macros.
Now, in a new announcement, Microsoft said that Excel is blocking all untrusted XLL add-ins by default in Microsoft 365 tenants worldwide.
The change was first announced in early January of this year, when the company added it to the Microsoft 365 roadmap and piloted it.
Now, two months later, it's rolling out the feature to all other users. By the end of March, all desktop users in the Current, Business Monthly, and Business Semi-Annual channels should have this extra layer of protection.
“We are introducing a default change for Excel Windows desktop applications running XLL add-ins: XLL add-ins from untrusted locations will now be blocked by default,” Microsoft said. "We have already completed the Insiders Preview rollout. We will start the rollout in early March and expect to complete it by the end of March."
Once the change is made, users will be warned when they try to run XLL-powered content from an untrusted location. The notification will explain what the potential risks are and share more information on how to ensure users stay safe.
Once the update is rolled out, it is safe to assume that the spread of malware with shortcut (.LNK) files will become even more popular.
Via: BleepingComputer (Opens in a new tab)