Microsoft will protect Excel users from malware by disabling this ancient feature
Excel 4.0 XLM macros can be used to get malware onto people's PCs, so Microsoft is disabling them by default.
What you need to know
- Microsoft will soon disable Excel 4.0 XLM macros by default.
- The move is to improve security, as these types of macros can be used by threat actors to get malware onto PCs.
- People can use VBA macros instead, which support Antimalware Scan Interface.
Microsoft will soon disable Excel 4.0 XLM macros by default to protect people's PCs. These types of macros can be used by threat actors to get malware onto people's PCs. Attackers can place XLM macros into malicious documents that download malware onto the computers of unsuspecting victims. The switch will disable these types of macros by default in Microsoft 365 tenants.
Instead of Excel 4.0 XLM macros, Microsoft recommends that people use VBA macros. The company has pushed people towards these more secure macros for years but will now take that push further by disabling Excel 4.0 XLM macros by default. VBA macros support Antimalware Scan Interface (AMSI), which can scan documents for malware and other dangerous content.
Windows admins can disable XLM macros through the Excel Trust Center, though soon Microsoft will disable Excel 4.0 macros by default. Preview builds will have XLM macros disabled by default in October, and the change will roll out to the Current Channel in November (via Bleeping Computer).
The details of the switch were shared on Twitter by Omri Segev Moyal:
- Insiders-Slow: will rollout in late October and be complete in early November.
- Current Channel: will rollout in early November and be complete in mid-November.
- Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.
If admins or individuals have already manually configured settings related to XLM macros, Microsoft won't change those settings.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.