Modern Excel has a danger zone that hackers increasingly use to get into your computer. It’s been there for well over twenty years but is being abused a lot more in 2021. Here’s how to disable it.
The problem is in a very old method of Excel automation called Excel 4.0 or XLM macros. They’ve been long replaced with VBA (Visual Basic for Applications). Some organizations still use XLM, despite the advantages of VBA and Microsoft’s pleas for them to stop using XLM.
Excel 4.0 XLM macro system was designed back in the days when Microsoft paid almost no attention to security risks in Office. When customers complained about hacking, Microsoft dismissed them with the name ‘prank macros’.
Increasingly, criminals are taking advantage of Excel’s antiquated XLM system to infiltrate computers and networks. Use of XLM exploits has increased during 2020 and into 2021.
As a result, even the latest Excel 365’s include XLM support despite the risk to the majority of Microsoft’s customers.
Simple safety trick
Unless you or your organization uses XLM macros, turn the damn thing OFF. It’s easy to do from File | Options | Trust Center | Trust Center Settings | Macro Settings.
With that option off, an attack won’t work even if you’re tricked into opening an infected workbook.
Microsoft should be ashamed that ‘Enable Excel 4.0 macros’ is still on by default. A properly cautious approach would be to disable XLM macros, leaving it for a small minority of customers to turn it on, if required.
New defence against an old problem, Excel XLM Macros
Excellent Excel for Web improvements
Sorting the Olympic medal table in Excel
