{"id":16639,"date":"2023-01-24T14:32:36","date_gmt":"2023-01-24T13:32:36","guid":{"rendered":"https:\/\/www.show.it\/microsoft-office-to-block-xll-add-ins-from-internet\/"},"modified":"2023-01-24T14:32:36","modified_gmt":"2023-01-24T13:32:36","slug":"microsoft-office-to-block-xll-add-ins-from-internet","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/microsoft-office-to-block-xll-add-ins-from-internet\/","title":{"rendered":"Microsoft Office to Block XLL Add-ins From Internet"},"content":{"rendered":"

Microsoft is getting ready to improve the protection of Office users by automatically blocking more content sourced from the internet.<\/strong><\/p>\n

Building on previous restrictions that applied to macros in Word and Excel documents, the company is now preparing to block XLL add-ins in Excel files.<\/p>\n

XLL add-ins are dynamic link library (DLL) files written in C or C++, and which can only be opened in Excel.<\/p>\n

Over the past several years, threat actors have been abusing XLL files for the distribution of malware, typically in phishing campaigns that either deliver the XLL as an attachment, or direct the intended victims to malicious websites from where the XLL is automatically downloaded.<\/p>\n

\u201cIn order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet,\u201d the latest entry in the Microsoft 365 roadmap<\/a> reads.<\/p>\n

For the time being, the feature is only in development, with intended worldwide general availability set for March 2023.<\/p>\n

The blocking of XLL add-ins is the latest step Microsoft is taking towards preventing the use of malicious Office documents for the delivery of malware and for other malicious purposes.<\/p>\n

For years, Office documents downloaded from the internet have been automatically opened in Protected View<\/a>, with a yellow notification being displayed at the top of the document warning users not to trust internet-sourced files.<\/p>\n

However, an \u2018Enable editing\u2019 button on the notification allows users to exit Protected View and edit the document\u2019s content, but which also results in any macro code included in the file being automatically executed.<\/p>\n

To further strengthen the security of its users, Microsoft last year announced that the yellow notification for documents coming from unknown or untrusted sources is being replaced with a red warning that does not allow users to enable macros with a single click<\/a>. The company also started restricting all Excel 4.0 (XLM) macros by default<\/a>.<\/p>\n

\n
\n

Related: Microsoft Resumes Rollout of Macro Blocking Feature<\/a><\/strong><\/p>\n

Related: New Default Account Lockout Policy in Windows 11 Blocks Brute Force Attacks<\/a><\/strong><\/p>\n

Related: Document Exploiting New Microsoft Office Zero-Day Seen in the Wild<\/a><\/strong><\/p>\n<\/div>\n<\/div>\n

The post Microsoft Office to Block XLL Add-ins From Internet<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft is getting ready to improve the protection of Office users by automatically blocking more content sourced from the internet. Building on previous restrictions that applied to macros in Word and Excel documents, the company is now preparing to block XLL add-ins in Excel files. XLL add-ins are dynamic link library (DLL) files written in […]<\/p>\n","protected":false},"author":2,"featured_media":16640,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[80,81],"tags":[],"class_list":["post-16639","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware-threats","category-office"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16639"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16639\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16640"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16639"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}