Microsoft has confirmed that it plans to change its software to automatically block all XLL add-in files that have been downloaded from the internet. The update is intended to prevent phishing attacks and malware downloads that rely on this type of lure. Microsoft stated that the plans will be implemented by March of this year to combat the increasing number of malware attacks targeting its users over the past few months.
Adversaries have been abusing Microsoft add-ins to execute malicious code for years, Microsoft says. The rise of malicious add-ins could be connected to Microsoft’s move last year to harden macros. Microsoft is seeking to reduce the attack surface and increase the effort required for threat actors to launch an attack on its products, hoping to lower the number of attacks as a whole. It is unclear whether the add-in blocking will be an optional feature or applied to all Microsoft 365 users.
Read More: Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery