Microsoft has made an important change to its Excel spreadsheet software which should make it more secure for users worldwide.
In the summer of 2022, Microsoft decided to finally put a stop to the abuse of macros in Office files, which were widely used to deploy malware to target endpoints, prompting Microsoft to block all macros in Office files downloaded from the internet.
Since then, hackers started experimenting with alternative methods to deliver various malware payloads, and one methodology grew popular – XLL add-ins.
Rolling out the feature
XLL files are essentially DLLs Excel users can add to expand the program’s functionalities with things like dialog boxes, custom functions, or toolbars. As such, they presented the next best way to deploy malware, after macros.
Now, in a new announcement, Microsoft said Excel is blocking all untrusted XLL add-ins by default in Microsoft 365 tenants worldwide.
The change was first announced in early January this year, when the company added it to the Microsoft 365 roadmap and rolled it out to Insiders for testing.
Today, two months later, it’s rolling the feature out to all other users. By late March, all desktop users in the Current, Monthly Enterprise, and Semi-Annual Enterprise channels, should get this extra layer of protection.
“We are introducing a default change for Excel Windows desktop apps that run XLL add-ins: XLL add-ins from untrusted locations will now be blocked by default,” Microsoft said. “We have already completed rolling out to Insiders preview. We will begin rolling out early March and expect to complete by late March.”
Once the change is complete, users will be notified when trying to run XLL-powered content coming in from an untrusted location. The notification will explain what the potential risks are, and share more information on how to make sure users stay safe.
Once the update rolls out, it’s safe to assume that delivering malware with shortcut files (.LNK) will become even more popular.
These are the best firewalls today