XLM macros are now restricted by default for Microsoft Excel

by Alexandru Poloboc
  • Due to increased security concerns, Microsoft has decided to take immediate action.
  • The Redmond tech giant has therefore decided to disable Excel XLM macros by default.
  • So, the Excel Trust Center option for macros will indicate that the language is disabled.
  • Of course, IT admins and organizations still have the ability to modify the default behavior.

It’s safe to say that many individuals, as well as organizations, still use Excel 4.0 (XLM) macros for their automation activities.

This happens even though Microsoft has been encouraging the transition to the more secure Visual Basic for Applications (VBA) for quite some time now.

Such measures had to be taken because malicious third parties frequently abuse macros to inject malware into enterprise systems, so their continued use leaves a relatively accessible attack window open.

Security threats prompted XLM macro restrictions in Excel

The Redmond-based tech giant tried to tackle this problem to some extent by introducing runtime inspection of XLM macro code, back in March 2021.

Now, Microsoft has announced that it will restrict XLM macros by default for customers using Excel. The company hinted at the move back in July 2021, and the change is now rolling out publicly.

By default, the Excel Trust Center option for the use of macros will indicate that the language is disabled.

IT admins and organizations obviously still have the ability to modify the default behavior using Group Policy, Cloud policies, and ADMX policies.

  • Cloud policies may be deployed with the Office cloud policy service for policies in HKCU. Cloud policies apply to a user on any device accessing files in Office apps with their AAD account.
  • ADMX policies may be deployed with Microsoft Endpoint Manager (MEM) for both HKCU and HKLM policies. These settings are written to the same place as Group Policy, but managed from the cloud in MEM. There are two methods to create and deploy policy configurations: Administrative templates or the settings catalog.

The new default configuration is now rolling out for the following customers:

  • Current Channel builds 2110 or greater (first released in October)
  • Monthly Enterprise Channel builds 2110 or greater (first released in December)
  • Semi-Annual Enterprise Channel (Preview) builds 2201 or greater (we create this in January 2022, but it first ships in March 2022)
  • Semi-Annual Enterprise Channel builds 2201 or greater (will ship July 2022)

Just to avoid any confusion, the change applies to the September fork, version 16.0.14527.20000 and above.

Of course, IT admins can also choose to completely disable the use of existing and new XLM macros across an organization for enhanced security.

What are your feelings on these latest security measures imposed by Microsoft? Share your thoughts with us in the comments section below.