Microsoft now restricts XLM macros in Excel by default

While many organizations still use Excel 4.0 (XLM) macros for automation, Microsoft has been encouraging the move to the more secure Visual Basic for Applications (VBA) for quite some time now. Attackers frequently abuse macros to deliver malware into corporate systems, so continued XLM use leaves a relatively accessible attack surface open. Microsoft partially addressed this by introducing runtime validation of XLM macro code in March 2021, and today it is taking the next step.

Microsoft has now announced that it will restrict XLM macros by default for Excel customers. The company already hinted at this back in July 2021, and the change is now being rolled out publicly. By default, the Excel Trust Center macro setting will show that the language is disabled.

However, IT administrators apparently still retain the ability to change the default behavior through Group Policy, cloud policies, and ADMX policies, as documented in Microsoft's blog post.

The new default configuration is currently being rolled out to the following clients:

  • Current Channel build 2110 or later (first released in October)
  • Monthly Enterprise Channel build 2110 or later (first released in December)
  • Semi-Annual Enterprise Channel (Preview) build 2201 or later (built in January 2022, first shipping in March 2022)
  • Semi-Annual Enterprise Channel build 2201 or later (shipping July 2022)

In short, this applies to the September fork of version 16.0.14527.20000 and up. IT administrators can also completely disable existing and new XLM macros across an organization to improve security; if you manage your organization's security, you should check Microsoft's blog post for the details.
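As an added example (not from the article or from Microsoft), a short inventory check that flags hosts whose Excel channel and build fall below the thresholds quoted above, so that an admin knows where the new default is not yet in effect. The host names, channel labels and builds in the sample rows are constructed.

```python
"""Flag Excel installs that do not yet get the XLM-disabled default.

Added example, not article or Microsoft code: the thresholds are the
ones the article quotes; the inventory rows below are constructed.
"""
from __future__ import annotations

# Article's cutoff: the September fork, 16.0.14527.20000 and up.
MIN_BUILD = (16, 0, 14527, 20000)

# Minimum Office version (YYMM) per update channel, from the article's list.
CHANNEL_MIN_VERSION = {
    "current": 2110,
    "monthly enterprise": 2110,
    "semi-annual enterprise (preview)": 2201,
    "semi-annual enterprise": 2201,
}


def parse_build(build: str) -> tuple[int, ...]:
    """Turn '16.0.14527.20000' into a comparable tuple; reject malformed input."""
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Excel build string: {build!r}")
    return tuple(int(p) for p in parts)


def xlm_restricted_by_default(channel: str, version: int, build: str) -> bool:
    """True when the install meets both the channel and the build threshold."""
    min_version = CHANNEL_MIN_VERSION.get(channel.lower())
    if min_version is None:
        raise ValueError(f"unknown update channel: {channel!r}")
    return version >= min_version and parse_build(build) >= MIN_BUILD


def hosts_still_on_old_default(inventory) -> list[str]:
    """Return host names whose Excel still defaults to XLM macros enabled."""
    return [host for host, channel, version, build in inventory
            if not xlm_restricted_by_default(channel, version, build)]


# Constructed inventory rows: (host, channel, Office version, Excel build).
INVENTORY = [
    ("ws01", "Current", 2110, "16.0.14527.20000"),
    ("ws02", "Current", 2109, "16.0.14430.20234"),
    ("ws03", "Semi-Annual Enterprise", 2108, "16.0.14326.20454"),
    ("ws04", "Monthly Enterprise", 2112, "16.0.14729.20260"),
]

if __name__ == "__main__":
    print(hosts_still_on_old_default(INVENTORY))  # ['ws02', 'ws03']
```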