• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery

You are here: Home / General Cyber Security News / Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery
January 24, 2023

Microsoft has declared plans for its 365 shoppers to routinely block all XLL add-in files downloaded from the internet to reduce phishing attacks relying on these forms of lures.

Creating on its Microsoft 365 roadmap webpage, the tech huge has verified it intends to carry out these plans by March 2023.

“To battle the raising amount of malware attacks in latest months, we are utilizing actions that will block XLL include-ins coming from the internet.”

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


In accordance to Dave Storie, adversarial collaboration engineer at Lares Consulting, the abuse of Microsoft include-ins by adversaries is a procedure that has been made use of by risk actors for many years to execute destructive code.

“The Microsoft Workplace Suite is an interesting mechanism for adversaries to carry out attacks owing to its ubiquity in company environments and private machines,” Storie advised Infosecurity through email. “The widespread deployment of the Place of work suite can enable risk actors to get a lot of mileage out of their malware.”

The security qualified also added that the current increase in the distribute of destructive Microsoft add-ins is quite possibly related to the latest hardening of macros applied by Microsoft in the Workplace Suite last yr.

“When businesses like Microsoft minimize the attack surface area or otherwise boost the work required to execute an attack on their item offerings, it forces menace actors to take a look at alternate avenues,” Storie explained. “This typically potential customers to exploring earlier known, most likely significantly less best, choices for danger actors to achieve their targets.”

Mike Parkin, a senior complex engineer at Vulcan Cyber, echoed Storie’s position but extra that even though the element is welcome, it also details out how normally destructive actors abuse the Business office suite’s capabilities.

“Unfortunately, it’s unclear at this level whether [the new feature is] just heading to be a warning that users can easily click on via, a additional proactive ‘off by default’ location, or whether they are heading to disable it totally for XLL data files downloaded from the internet,” Parkin instructed Infosecurity in an email.

The Microsoft announcement will come months following France’s electronic privacy regulator fined the US tech large €60m ($65.18m) over advertising cookies.


Some sections of this posting are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News #DataPrivacyWeek: Consumers Already Concerned About AI’s Impact on Data Privacy

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery
  • #DataPrivacyWeek: Consumers Already Concerned About AI’s Impact on Data Privacy
  • Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection
  • FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft
  • Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
  • Up to 350,000 open source projects vulnerable to 15-year-old Python bug
  • Emotet Malware Makes a Comeback with New Evasion Techniques
  • Gartner: Zero Trust Won’t Mitigate Over Half of Attacks
  • ICO Offers Data Protection Advice to SMBs
  • Record-Breaking Year for DDoS Attacks Targeting Russia

Copyright © TheCyberSecurity.News, All Rights Reserved.