
Microsoft is adding a new security feature that it thinks will make it harder for malware to spread via XLL add-ins. According to Bleeping Computer, Microsoft will start blocking XLL Excel add-ins that come from the internet and plans to implement the change by March.

The company’s aim is to prevent hackers from launching malware attacks through the add-ins. Attacks that rely on XLL add-ins originating from the internet have been on the rise.

Microsoft details its plans in the Microsoft 365 roadmap, saying that users of Excel on Monthly Enterprise Channel, Semi-Annual Enterprise Channel, General Availability, Preview, and Current Channel will no longer be able to access XLL add-ins that come from the internet.

XLL is the file extension for Excel add-ins that are dynamic-link library (DLL) files. These files will usually be installed directly by an admin. In other words, receiving XLL files as an attachment is uncommon. Even so, the XLL file icon looks similar to the icons of other types of Excel files. This means that someone may think an XLL is a regular Excel file and open it.

Attack Method

Excel will surface a warning when a suspicious add-in is detected, but the user clicking “enable” could execute the add-in. If the add-in is malicious, the malware will deploy and infiltrate the system.

“XLL files can be a good choice for adversaries seeking to gain an initial foothold on a victim machine,” explains Unit 42 by Palo Alto Networks. “An attacker can get code packaged into a DLL loaded by Excel, which in turn may mislead security products that are not prepared to deal with this scenario.”

As always with these kinds of email-based attacks, simply not interacting with links, attachments, or emails that seem suspicious is enough to prevent an attack. Obviously, not interacting specifically with XLL attachments will avoid problems related to this type of attack.
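For mail administrators, the same advice can be enforced before a message reaches the user. The following is an added example, not code from Microsoft or from the original article: it lists attachments named `*.xll` in a message and checks whether each one really is a DLL, as described above. The function names and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

IMAGE_FILE_DLL = 0x2000  # COFF "Characteristics" flag: the image is a DLL

def is_pe_dll(data: bytes) -> bool:
    """True if data begins with a PE image whose COFF header has the DLL flag."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of "PE\0\0"
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    return bool(characteristics & IMAGE_FILE_DLL)

def xll_attachments(raw: bytes) -> list:
    """List attachments named *.xll, noting whether each one is a PE DLL."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Windows drops trailing dots and spaces, so "a.xll." is saved as "a.xll"
        if name.lower().rstrip(". ").endswith(".xll"):
            payload = part.get_payload(decode=True) or b""
            findings.append({"filename": name, "is_dll": is_pe_dll(payload)})
    return findings

def build_sample() -> bytes:
    """Constructed sample: a minimal fake PE header (not a working DLL) and a CSV."""
    pe = bytearray(0x80)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", pe, 0x40 + 22, IMAGE_FILE_DLL | 0x0002)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Q3 figures"
    msg.set_content("See attached.")
    msg.add_attachment(bytes(pe), maintype="application",
                       subtype="octet-stream", filename="Report.XLL")
    msg.add_attachment(b"a,b\n1,2\n", maintype="application",
                       subtype="octet-stream", filename="data.csv")
    return msg.as_bytes()

if __name__ == "__main__":
    print(xll_attachments(build_sample()))
```

A gateway rule built on this would quarantine any message for which `xll_attachments` returns a non-empty list, since legitimate XLL add-ins are normally installed by an admin rather than mailed.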
