Microsoft to disable Excel 4.0 macros by default to improve security

Rabia Noureen


Microsoft is getting ready to disable Excel 4.0 XLM macros by default to protect users from malicious documents. The change will begin later this month and is expected to be completed by mid-December, according to an email sent out to Office 365 commercial users (via Bleeping Computer).

Excel 4.0 macros, also known as XLM macros, are a legacy Microsoft Excel feature first introduced back in 1992. An XLM macro is a series of instructions that lets users automate repetitive tasks in Excel. However, threat actors have repeatedly abused this feature to launch XLM-based malware attacks and take control of users’ PCs.

To address this issue, the Redmond giant plans to disable Excel 4.0 macros in all Microsoft 365 tenants and recommends that Excel users switch to VBA macros instead. “The setting ‘Enable XLM macros when VBA macros are enabled’ will now be unchecked by default, thus disabling XLM macros. This change is limited to end-users who have not yet configured this macro setting or who do not have a group policy configured by their tenant admins,” the company explained.

The rollout of this change is expected to happen in three phases. The new default behavior will be enabled for Office Insiders in preview builds in late October, and it will gradually expand to production machines by the end of this year.

Microsoft says this move should provide a more secure experience against attacks by malware such as TrickBot, Qbot, Dridex, and Zloader. In the meantime, IT admins can also follow the steps mentioned on this page to restrict the usage of XLM macros in their organizations.