Microsoft Excel is making a big change to protect against malware

Excel 4.0 (XLM) macros are now disabled by default, Microsoft has confirmed. In a Tech Community blog post, the company revealed that the change has been made to better protect users against “related security threats” coming through spreadsheets.

Back in July 2021, the company released a new Excel Trust Center setting option, allowing administrators to restrict the usage of Excel 4.0 (XLM) macros. It has now made this option default for everyone.

Administrators can use existing Microsoft 365 applications policy control to configure this setting, the announcement reads. The Group Policy setting “Macro Notification Settings” for Excel can be found in the following path and registry key:

Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.

Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office.0\excel\security

Malicious actors often abuse macros

Furthermore, administrators can manage this policy setting with both cloud policies, and ADMX policies. They can also completely block all XLM macro usage, including in new user-created files, by enabling the Group Policy, “Prevent Excel from running XLM macros”, Microsoft added. 

Excel 4.0 (XLM) macros were the default format until 1993, and even though they’ve since been discontinued, they can still be run by the latest versions of the Office program. That makes them ideal for threat actors, who’ve been abusing them to push malware such as TrickBot, Zloader, Qbot, Dridex, ransomware, and many other malicious programs, BleepingComputer reminds. 

The publication also reminds that in October 2019, Microsoft added a new Group Policy, allowing administrators to block Excel users from opening untrusted Microsoft query files with IQY, OQY, DQY and RQY extensions. It claims that these files have been weaponized in “numerous malicious attacks”, to deliver remote access Trojans and malware, for years. 

XLM is disabled by default in version 16.0.14527.20000+, current Channel builds 2110 or greater, monthly Enterprise Channel builds 2110 or greater, semi-annual Enterprise Channel (Preview) builds 2201 or greater, and semi-annual Enterprise Channel builds 2201 or greater (coming this July).

Via: BleepingComputer

TechRadar – All the latest technology news

Read More

Zoom thinks it can help the fight against global terrorism

Far from just allowing users to stay in touch with family and friends around the globe, Zoom now also wants to tackle online terrorism.

The video conferencing giant has announced it is joining the Global Internet Forum to Counter Terrorism (GIFCT) alongside the likes of Microsoft, Amazon and Meta.

“It is our responsibility to support our users and protect them against online threats,” Josh Parecki, Zoom's associate general counsel for trust and safety, told Reuters. “By collaborating with other leaders across the industry, sharing key learnings and advancing research, we aspire to make the digital world a safer place for all.”

Zoom GIFCT

Formed by Facebook, Microsoft, Twitter, and YouTube in 2017 following a spate of deadly terrorist attacks across Europe, GIFCT says its mission is “to prevent terrorists and violent extremists from exploiting digital platforms.” 

Now numbering 18 companies following Zoom's addition, the NGO was initially focused on sharing technical collaboration to combat online extremism, but has since expanded to managing a hash-sharing database.

This allows members to share unique “hashes” – records of original content that have had to be removed from their platforms or services following extremism concerns.

These hashes are then used by other GIFCT members to identify if similar content has been uploaded to their platforms.

In a statement, GIFCT Executive Director Nicholas Rasmussen said it was delighted to have Zoom as a partner. He noted that the group's mission “requires we work with a diverse range of companies …to develop cross-platform solutions that render terrorists and violent extremists ineffective across the Internet”.

After an initial surge in popularity and an explosion in user numbers at the start of the pandemic, Zoom came under heavy criticism for failing to secure its platform. 

Following several high-profile “Zoombombing” incidents where outside parties were able to gain access to Zoom calls without permission, the company carried out a major upheaval of its security protections.

TechRadar – All the latest technology news

Read More