Following the blocking of VBA macros by default in Microsoft Office apps – read about the ups and downs of that story here – Microsoft has announced that all untrusted XLL add-ins will be blocked by default.
Microsoft Excel now blocking untrusted XLL add-ins by default (bleepingcomputer.com)
Blocking any avenue of attack in what is probably the world’s most widely used office application has to be a positive step for any organisation’s cyber security. It does not mean that functionality is lost – just that you or the person responsible for your cyber security will need to enable the blocked functionality for users that have a “real” business case for using that tool. Notice I said real: that is because I have been stuck in the middle of a “debate” when a user had an imagined business case for unblocking macros!
Of course, closing attack vectors just means the threat actors go looking elsewhere – hence the new OneNote .one attacks.
What you need to know?
You just have to face up to the fact that Microsoft Office apps (this week called Microsoft 365!) will always be a target for threat actors – it is up to you to take all the steps to meet your risk.
Clive Catton MSc (Cyber Security) – by-line and other articles