Microsoft will block Excel XLL add-ins for security reasons

The Redmond giant will introduce a new security measure to deter hackers. The goal is to remove the possibility of distributing malware using XLL plugins. As Bleeping Computer discovered, the Excel team will start blocking XLL add-ins on the Internet starting in March. Once the new capacity will be generally available in March. Something similar to what happened in OneNote.

According to the software giant, the plan for implementing the new measures is in line with its goal of combating the growing number of malware attacks. More and more frequent in recent months. In its Microsoft 365 roadmap, the company says Excel will soon be included for desktop users everywhere. Coming soon to Monthly Trade Channel, Semi-Annual Trade Channel, General Availability, Preview, and Current Channel.

Excel is hardened against attacks

The new metric mirrors the HP Wolf Security Threat Insights report released last year, which highlighted “A nearly six-fold increase in the number of attackers using Excel add-ins (.XLL) to infect systems. » Cisco Talos, for his part, said that “Currently, a significant number of advanced persistent threat actors and malware families use XLL as an infection vector and this number continues to grow. »

XLL is an extension for Excel add-ins and essentially a DLL (dynamic link libraries) file. It is not common for these types of files to be used as email attachments, as they are often installed by administrators. However, since the XLL extension is linked with a similar icon to other Excel-compatible extensions, unsuspecting people may confuse it with other Excel file formats. This will trick those users into opening them. And while Excel will display a standard warning about the security issue, a single click of the “enable” button can launch the add-in. Once enabled, malware delivery will start in the background, allowing hackers to execute malicious code on the machine.

“…XLL files can be a good option for adversaries looking to gain a foothold on a victim machine”Palo Alto Networks Unit 42 says. “An attacker can obtain code packaged in a DLL loaded by Excel, which in turn can fool security products that are unprepared to deal with this scenario. »

How to Protect Against XLL File Attacks Today

Currently, the last thing users can do to protect themselves from XLL-delivered malware is to reject download links, attachments, or emails containing the file. This is particularly recommended in the case of suspicious emails. As well as links from unknown (including fake) senders and websites. Since criminals can disguise the files to look like legitimate documents.

Once the changes are implemented, Microsoft 365 users will have better protection that will block XLL add-ins downloaded from the Internet. This indicates security against attacks. And while the general availability of the next capability may still change, its arrival will significantly improve security for Microsoft customers.

Leave a Comment