Microsoft Excel update is offering some welcome extra security protection

Microsoft Excel
(Image credit: Shutterstock / 200dgr)

Microsoft has announced that it has broadened the scope of the Antimalware Scan Interface (AMSI) with Office 365 to hunt for Excel 4.0 (XLM) macros.

The move is the result of an increase in XLM-based malware. Interestingly, XLM is Excel’s legacy macro language that was replaced with Visual Basic for Application (VBA) in the early 1990s. 

“This integration, an example of the many security features released for Microsoft 365 Apps on a regular basis, reflects our commitment to continuously increase protection for Microsoft 365 customers against the latest threats,” share three members of different security teams in a joint post.

Victim of its own success

Microsoft is in a way somewhat a victim of its own success here, as according to the post, the release of AMSI in 2018 stripped macro-malware of its destructive powers. 

As AMSI mastered the art of blocking malicious macro scripts written in VBA, threat actors behind wide-spread trojans and malware including Trickbot, Zloader, and Ursnif, were forced to switch to the abandoned, but still supported, and quite powerful XLM. 

“Cybercriminals know this, and they have been abusing XLM macros, increasingly more frequently, to call Win32 APIs and run shell commands,” the developers write. With its new capabilities, AMSI has now also nullified XLM macro-based attacks. 

The developers point out that AMSI data is leveraged by all Microsoft Defender for Endpoint products including Microsoft Defender Antivirus, which is the built-in antivirus solution on Windows 10. When it detects a malicious XLM macro, it’ll prevent its execution and even terminate Excel to block the attack completely. 

“Because AMSI is an open interface, other antivirus solutions can leverage the same visibility to improve protections against threats,” the developers conclude inviting other security vendors to leverage AMSI in their antivirus solutions.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.