Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Microsoft Office to Block XLL Add-ins From Internet

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Microsoft is getting ready to improve the protection of Office users by automatically blocking more content sourced from the internet.

Building on previous restrictions that applied to macros in Word and Excel documents, the company is now preparing to block XLL add-ins in Excel files.

XLL add-ins are dynamic link library (DLL) files written in C or C++, and which can only be opened in Excel.

Over the past several years, threat actors have been abusing XLL files for the distribution of malware, typically in phishing campaigns that either deliver the XLL as an attachment, or direct the intended victims to malicious websites from where the XLL is automatically downloaded.

“In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet,” the latest entry in the Microsoft 365 roadmap reads.

For the time being, the feature is only in development, with intended worldwide general availability set for March 2023.

The blocking of XLL add-ins is the latest step Microsoft is taking towards preventing the use of malicious Office documents for the delivery of malware and for other malicious purposes.

For years, Office documents downloaded from the internet have been automatically opened in Protected View, with a yellow notification being displayed at the top of the document warning users not to trust internet-sourced files.

Advertisement. Scroll to continue reading.

However, an ‘Enable editing’ button on the notification allows users to exit Protected View and edit the document’s content, but which also results in any macro code included in the file being automatically executed.

To further strengthen the security of its users, Microsoft last year announced that the yellow notification for documents coming from unknown or untrusted sources is being replaced with a red warning that does not allow users to enable macros with a single click. The company also started restricting all Excel 4.0 (XLM) macros by default.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights