Making Excel Less Of An XXL Risk By Blocking Free Roaming XLL Files

First the VBA file, then the XLSM…

A Microsoft Excel XLL file is a DLL, containing executable code, that Excel treats as an add-in. These are very useful for heavy Excel users, but can cause nightmares if installed from questionable sources, such as random Internet sites rather than official corporate networks.

This is the latest step in Microsoft’s campaign to reduce Excel’s attack surface. As the subtitle says, first VBA macros could not run unless they came from an approved source. Then came XLSM, where Excel workbooks that themselves contain macros are blocked by default, to keep users from downloading them from malicious people who have embedded nasty macros containing malware.

Finally, Microsoft has done the same for XLL files and blocks them by default, because it is not difficult to hide malware executables alongside useful functions in those files. They still run from trusted network locations, but not from email or randomly downloaded files.

As Bleeping Computer said, attacks using XLL files have increased “nearly six-fold” over the past two years, and it is difficult for standard AV programs to spot malware embedded in XLL files.
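Because an XLL is an ordinary DLL, a mail or download filter can recognise one by content rather than by file name. The following is an added example, not code from the original post: the function names and sample bytes are constructed for illustration, and the match on `xlAutoOpen` (the export Excel calls when it loads an XLL) is a plain string heuristic, not a full export-table parse.

```python
import struct

IMAGE_FILE_DLL = 0x2000       # COFF Characteristics bit: image is a DLL
XL_ENTRY = b"xlAutoOpen\x00"  # export Excel calls when it loads an XLL

def is_pe_dll(data: bytes) -> bool:
    """True if data begins with a PE image whose COFF header is flagged as a DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return False
    (flags,) = struct.unpack_from("<H", data, pe_off + 22)  # Characteristics
    return bool(flags & IMAGE_FILE_DLL)

def triage(name: str, data: bytes) -> str:
    """Classify a file by content first, file name second."""
    named_xll = name.lower().endswith(".xll")
    if is_pe_dll(data):
        if XL_ENTRY in data:  # heuristic string match, not an export-table walk
            return "xll" if named_xll else "xll-renamed"
        return "dll"
    return "xll-name-only" if named_xll else "not-dll"

def sample_pe(flags: int, tail: bytes = b"") -> bytes:
    """Constructed test input: bare DOS + COFF headers, not a loadable image."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)
    return dos + coff + tail

if __name__ == "__main__":
    for name, data in [
        ("budget.xll", sample_pe(0x2022, XL_ENTRY)),    # DLL with XLL entry point
        ("invoice.xlsx", sample_pe(0x2022, XL_ENTRY)),  # same content, other name
        ("helper.dll", sample_pe(0x2022)),              # DLL without the entry point
        ("notes.xll", b"plain text"),                   # .xll name, not a PE file
    ]:
        print(f"{name:14} {triage(name, data)}")
```

A result of `xll` or `xll-renamed` on a file that arrived by email or download is the case the default block is aimed at; a packed or obfuscated add-in can evade the string match, so treat `dll` on an Office-named attachment as suspicious too.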
