Microsoft will protect Excel users from malware by disabling this ancient feature

Office desktop apps
Office desktop apps (Image credit: Windows Central)

What you need to know

  • Microsoft will soon disable Excel 4.0 XLM macros by default.
  • The move is to improve security, as these types of macros can be used by threat actors to get malware onto PCs.
  • People can use VBA macros instead, which support Antimalware Scan Interface.

Microsoft will soon disable Excel 4.0 XLM macros by default to protect people's PCs. These types of macros can be used by threat actors to get malware onto people's PCs. Attackers can place XLM macros into malicious documents that download malware onto the computers of unsuspecting victims. The switch will disable these types of macros by default in Microsoft 365 tenants.

Instead of Excel 4.0 XLM macros, Microsoft recommends that people use VBA macros. The company has pushed people towards these more secure macros for years but will now take that push further by disabling Excel 4.0 XLM macros by default. VBA macros support Antimalware Scan Interface (AMSI), which can scan documents for malware and other dangerous content.

Windows admins can disable XLM macros through the Excel Trust Center, though soon Microsoft will disable Excel 4.0 macros by default. Preview builds will have XLM macros disabled by default in October, and the change will roll out to the Current Channel in November (via Bleeping Computer).

Latest Videos From

The details of the switch were shared on Twitter by Omri Segev Moyal:

  • Insiders-Slow: will rollout in late October and be complete in early November.
  • Current Channel: will rollout in early November and be complete in mid-November.
  • Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.

If admins or individuals have already manually configured settings related to XLM macros, Microsoft won't change those settings.

Sean Endicott
News Writer

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.

He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.

Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.