Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Microsoft puts a stop to Excel add-ins from the Internet
#1
Information 
Quote:Malicious Excel add-ins from the Internet attacks have skyrocket in recent time. Microsoft therefore no longer wants to allow them from March 2023 onwards.

[Image: excel-add-ins.png]

Excel add-ins from the Internet are a major threat to security. HP's Wolf Security Threat Insights Report for the fourth quarter of 2021 highlighted a 588% increase in Microsoft Excel add-in attacks compared to the previous quarter of the year.

HP's research team found information about Excel add-in dropper and malware kits on the dark web, which allow less experienced attackers to create malware campaigns that use the Excel add-on attack vector. A growing number of malware families is using Excel add-ons to spread.

Just last month, security experts at Cisco Thalos published a threat spotlight about the use of malicious Excel add-ins by threat actors.

How Excel add-ins work

Excel add-in files, which have the .xll file extension, have been supported since Microsoft Excel 1997. Add-ins, which exist for other Office applications such as Word as well, are designed to enhance the functionality or the appearance of the application. They are provided as executable code and come in various formats.

Installation of add-ins is not identical across Office applications. Word add-ons, for example, need to be added specifically by an administrator. Excel add-ins, on the other hand, execute directly when a user double-clicks on the file name. Excel is launched directly when an Excel .xll file is loaded on a Windows machine.

A security message is displayed by Excel when an .xll file is about to be loaded into the application. Options to enable the add-in for the session or leave it disabled are provided.

XLL files may be distributed via email, on websites, chat messages, and other distribution options. Malicious Excel add-ins include event handling functions that are called when a document is opened or closed, or when other events happen. These allow the attacker to launch malicious macro code.

Excel: Blocking xll Add-ins from the Internet

Microsoft plans to block Excel add-ins from the Internet on all Office desktop and cloud platforms starting March 2023.

The company notes: "In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet".

Excel add-ins from the local machine or those downloaded from within Excel using Insert > Add-ins > Get Add-ins are not blocked.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>