Microsoft is taking steps to disable Excel XLL files downloaded from the internet in an attempt to block an attack vector popular among criminals. The company attributes the change, which takes effect in March, to an influx of attacks in recent months using malware-laced XLL files.
XLL files are a type of DLL that add extra functionality to spreadsheets through third-party applications and can be opened only with Excel. Currently, opening an XLL merely displays a warning about potentially dangerous code.
Microsoft took a series of measures last year to curb attacks that weaponize their products or byproducts of their services. The company disabled Visual Basic for Applications (VBA) macros by default in Excel, PowerPoint, Visio, Word, Access and many other products.
Before carrying out the restriction, trying to open a macro-enabled document would prompt users with a notification that macros were blocked. However, users could turn them back on at the press of a button.
The restriction saw that re-enabling potentially hazardous macros in documents would be slightly more laborious.
Blocking external Excel XLL add-ins will follow a similar approach. Instead of merely informing users about the hazards of tampering with these files, Microsoft plans to disable the feature and notify users about the restriction.
Security experts agreed that customers often ignore warnings about interacting with potentially dangerous documents or macros and often allow them on their systems, even when advised not to.
The best way to deal with such situations is to ensure that customers truly understand the risks they subject themselves to, which is the goal behind blocking externally downloaded XLL files.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 19, 2024
November 14, 2024